· 6 years ago · Dec 06, 2019, 08:57 AM
1#######################################################################################################################################
2======================================================================================================================================
Hostname:     www.boyfun.com
ISP:          MOJOHOST
Continent:    North America
Flag:         US
Country:      United States
Country Code: US
Region:       Michigan
Local time:   06 Dec 2019 02:50 EST
City:         Franklin
Postal Code:  48025
IP Address:   74.206.167.239
Latitude:     42.519
Longitude:    -83.248
11======================================================================================================================================
12#######################################################################################################################################
13> www.boyfun.com
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: www.boyfun.com
19Address: 74.206.167.239
20>
21#######################################################################################################################################
22 Domain Name: BOYFUN.COM
23 Registry Domain ID: 2283177_DOMAIN_COM-VRSN
24 Registrar WHOIS Server: whois.PublicDomainRegistry.com
25 Registrar URL: http://www.publicdomainregistry.com
26 Updated Date: 2019-01-28T22:04:27Z
27 Creation Date: 1998-04-02T05:00:00Z
28 Registry Expiry Date: 2021-04-01T04:00:00Z
29 Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
30 Registrar IANA ID: 303
31 Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
32 Registrar Abuse Contact Phone: +1.2013775952
33 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
34 Name Server: NS1.MOJOHOST.COM
35 Name Server: NS2.MOJOHOST.COM
36 DNSSEC: unsigned
37#######################################################################################################################################
38Domain Name: BOYFUN.COM
39Registry Domain ID: 2283177_DOMAIN_COM-VRSN
40Registrar WHOIS Server: whois.publicdomainregistry.com
41Registrar URL: www.publicdomainregistry.com
42Updated Date: 2019-01-28T22:04:28Z
43Creation Date: 1998-04-02T05:00:00Z
44Registrar Registration Expiration Date: 2021-04-01T04:00:00Z
45Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
46Registrar IANA ID: 303
47Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
48Registry Registrant ID: Not Available From Registry
49Registrant Name: Jeff B
50Registrant Organization: EENT, Inc.
51Registrant Street: 32852 Five Mile Rd.
52Registrant City: Livonia
53Registrant State/Province: Michigan
54Registrant Postal Code: 48154
55Registrant Country: US
56Registrant Phone: +734.7440144
57Registrant Phone Ext:
58Registrant Fax: +734.7440145
59Registrant Fax Ext:
60Registrant Email: DomainAdmin@karup.com
61Registry Admin ID: Not Available From Registry
62Admin Name: Jeff B
63Admin Organization: EENT, Inc.
64Admin Street: 32852 Five Mile Rd.
65Admin City: Livonia
66Admin State/Province: Michigan
67Admin Postal Code: 48154
68Admin Country: US
69Admin Phone: +734.7440144
70Admin Phone Ext:
71Admin Fax: +734.7440145
72Admin Fax Ext:
73Admin Email: DomainAdmin@karup.com
74Registry Tech ID: Not Available From Registry
75Tech Name: Jeff B
76Tech Organization: EENT, Inc.
77Tech Street: 32852 Five Mile Rd.
78Tech City: Livonia
79Tech State/Province: Michigan
80Tech Postal Code: 48154
81Tech Country: US
82Tech Phone: +734.7440144
83Tech Phone Ext:
84Tech Fax: +734.7440145
85Tech Fax Ext:
86Tech Email: DomainAdmin@karup.com
87Name Server: ns1.mojohost.com
88Name Server: ns2.mojohost.com
89DNSSEC: Unsigned
90#######################################################################################################################################
91[+] Target : www.boyfun.com
92
93[+] IP Address : 74.206.167.239
94
95[+] Headers :
96
97[+] Date : Fri, 06 Dec 2019 07:56:41 GMT
98[+] Server : Apache
99[+] X-Powered-By : PHP/7.0.20
100[+] Expires : Thu, 19 Nov 1981 08:52:00 GMT
101[+] Cache-Control : no-store, no-cache, must-revalidate
102[+] Pragma : no-cache
103[+] Vary : User-Agent,Accept-Encoding
104[+] Content-Encoding : gzip
105[+] Content-Length : 3635
106[+] Keep-Alive : timeout=5, max=99
107[+] Connection : Keep-Alive
108[+] Content-Type : text/html;charset=utf-8
109
110[+] SSL Certificate Information :
111
112[+] commonName : boyfun.com
113[+] countryName : US
114[+] organizationName : Let's Encrypt
115[+] commonName : Let's Encrypt Authority X3
116[+] Version : 3
117[+] Serial Number : 03E56C4061D19525BD6CF054B673BFD65629
118[+] Not Before : Sep 23 01:35:06 2019 GMT
119[+] Not After : Dec 22 01:35:06 2019 GMT
120[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
121[+] subject Alt Name : (('DNS', 'boyfun.com'), ('DNS', 'www.boyfun.com'))
122[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
123
124[+] Whois Lookup :
125
126[+] NIR : None
127[+] ASN Registry : arin
128[+] ASN : 27589
129[+] ASN CIDR : 74.206.160.0/19
130[+] ASN Country Code : US
131[+] ASN Date : 2008-05-12
132[+] ASN Description : MOJOHOST - MOJOHOST, US
133[+] cidr : 74.206.160.0/19
134[+] name : MOJOHOST
135[+] handle : NET-74-206-160-0-1
136[+] range : 74.206.160.0 - 74.206.191.255
137[+] description : MOJOHOST
138[+] country : US
139[+] state : MI
140[+] city : BINGHAM FARMS
141[+] address : 30300 TELEGRAPH RD, SUITE 110
142[+] postal_code : 48025
143[+] emails : ['NOC@mojohost.com', 'ABUSE@mojohost.com', 'IPADMIN@mojohost.com']
144[+] created : 2008-05-12
145[+] updated : 2012-06-12
146
147[+] Crawling Target...
148
149[+] Looking for robots.txt........[ Found ]
150[+] Extracting robots Links.......[ 10 ]
151[+] Looking for sitemap.xml.......[ Not Found ]
152[+] Extracting CSS Links..........[ 8 ]
153[+] Extracting Javascript Links...[ 8 ]
154[+] Extracting Internal Links.....[ 11 ]
155[+] Extracting External Links.....[ 5 ]
156[+] Extracting Images.............[ 1 ]
157
158[+] Total Links Extracted : 43
159
160[+] Dumping Links in /opt/FinalRecon/dumps/www.boyfun.com.dump
161[+] Completed!
162#######################################################################################################################################
163[i] Scanning Site: https://www.boyfun.com
164
165
166
167B A S I C I N F O
168====================
169
170
171[+] Site Title:
172[+] IP address: 74.206.167.239
173[+] Web Server: Apache
174[+] CMS: Could Not Detect
175[+] Cloudflare: Not Detected
176[+] Robots File: Found
177
178-------------[ contents ]----------------
179User-agent: *
180Disallow: /admin/
181Disallow: /includes/
182
183Disallow: /controllers/
184Disallow: /api/
185Disallow: /content/
186Disallow: /csv_photos/
187Disallow: /ftp_content/
188Disallow: /ftp_photos/
189Disallow: /temp_users_uploads/
190Disallow: /cache/
191
192-----------[end of contents]-------------
193
194
195
196W H O I S L O O K U P
197========================
198
199 Domain Name: BOYFUN.COM
200 Registry Domain ID: 2283177_DOMAIN_COM-VRSN
201 Registrar WHOIS Server: whois.PublicDomainRegistry.com
202 Registrar URL: http://www.publicdomainregistry.com
203 Updated Date: 2019-01-28T22:04:27Z
204 Creation Date: 1998-04-02T05:00:00Z
205 Registry Expiry Date: 2021-04-01T04:00:00Z
206 Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
207 Registrar IANA ID: 303
208 Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
209 Registrar Abuse Contact Phone: +1.2013775952
210 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
211 Name Server: NS1.MOJOHOST.COM
212 Name Server: NS2.MOJOHOST.COM
213 DNSSEC: unsigned
214 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
215>>> Last update of whois database: 2019-12-06T07:57:00Z <<<
216
223
224
225
226
227G E O I P L O O K U P
228=========================
229
230[i] IP Address: 74.206.167.239
231[i] Country: United States
232[i] State: Michigan
233[i] City: Franklin
234[i] Latitude: 42.5219
235[i] Longitude: -83.2519
236
237
238
239
240H T T P H E A D E R S
241=======================
242
243
244[i] HTTP/1.1 302 Found
245[i] Date: Fri, 06 Dec 2019 07:57:12 GMT
246[i] Server: Apache
247[i] X-Powered-By: PHP/7.0.20
248[i] Set-Cookie: PHPSESSID=k5r3gv6kn2mbns2mgvisq4p075; expires=Sat, 07-Dec-2019 07:57:12 GMT; Max-Age=86400; path=/
249[i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
250[i] Cache-Control: no-store, no-cache, must-revalidate
251[i] Pragma: no-cache
252[i] Location: https://www.boyfun.com/warning/
253[i] Vary: User-Agent,Accept-Encoding
254[i] Content-Length: 3553
255[i] Connection: close
256[i] Content-Type: text/html;charset=utf-8
257[i] HTTP/1.1 200 OK
258[i] Date: Fri, 06 Dec 2019 07:57:14 GMT
259[i] Server: Apache
260[i] X-Powered-By: PHP/7.0.20
261[i] Set-Cookie: PHPSESSID=dlkuo558689ae139g7e2b7rov2; expires=Sat, 07-Dec-2019 07:57:14 GMT; Max-Age=86400; path=/
262[i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
263[i] Cache-Control: no-store, no-cache, must-revalidate
264[i] Pragma: no-cache
265[i] Vary: User-Agent,Accept-Encoding
266[i] Connection: close
267[i] Content-Type: text/html;charset=utf-8
268
269
270
271
272D N S L O O K U P
273===================
274
275boyfun.com. 59 IN SOA ns1.mojohost.com. postmaster.mojohost.com. 2019052001 28800 14400 3600000 86400
276boyfun.com. 59 IN A 74.206.167.239
277boyfun.com. 59 IN MX 5 mail.boyfun.com.
278boyfun.com. 59 IN NS ns1.mojohost.com.
279boyfun.com. 59 IN NS ns2.mojohost.com.
280
281
282
283
284S U B N E T C A L C U L A T I O N
285====================================
286
287Address = 74.206.167.239
288Network = 74.206.167.239 / 32
289Netmask = 255.255.255.255
290Broadcast = not needed on Point-to-Point links
291Wildcard Mask = 0.0.0.0
292Hosts Bits = 0
293Max. Hosts = 1 (2^0 - 0)
294Host Range = { 74.206.167.239 - 74.206.167.239 }
295
296
297
298N M A P P O R T S C A N
299============================
300
301Starting Nmap 7.70 ( https://nmap.org ) at 2019-12-06 07:57 UTC
302Nmap scan report for boyfun.com (74.206.167.239)
303Host is up (0.034s latency).
304
PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server
314
315Nmap done: 1 IP address (1 host up) scanned in 1.60 seconds
316
317
318
319S U B - D O M A I N F I N D E R
320==================================
321
322
323[i] Total Subdomains Found : 14
324
325[+] Subdomain: dvd.boyfun.com
326[-] IP: 74.206.161.199
327
328[+] Subdomain: new.dvd.boyfun.com
329[-] IP: 74.206.161.199
330
331[+] Subdomain: free.boyfun.com
332[-] IP: 74.206.161.199
333
334[+] Subdomain: secure.boyfun.com
335[-] IP: 74.206.161.198
336
337[+] Subdomain: fhg.boyfun.com
338[-] IP: 74.206.161.199
339
340[+] Subdomain: blog.boyfun.com
341[-] IP: 74.206.161.199
342
343[+] Subdomain: mail.boyfun.com
344[-] IP: 74.206.161.196
345
346[+] Subdomain: join.boyfun.com
347[-] IP: 74.206.161.198
348
349[+] Subdomain: deals.boyfun.com
350[-] IP: 104.131.111.107
351
352[+] Subdomain: cms.boyfun.com
353[-] IP: 74.206.161.214
354
355[+] Subdomain: members.boyfun.com
356[-] IP: 74.206.167.239
357
358[+] Subdomain: mbmembers.boyfun.com
359[-] IP: 74.206.161.214
360
361[+] Subdomain: www.boyfun.com
362[-] IP: 74.206.167.239
363
364[+] Subdomain: www.gay.comwww.boyfun.com
365[-] IP: 74.206.161.199
366#######################################################################################################################################
367[INFO] ------TARGET info------
368[*] TARGET: https://www.boyfun.com/warning/
369[*] TARGET IP: 74.206.167.239
370[INFO] NO load balancer detected for www.boyfun.com...
371[*] DNS servers: ns1.mojohost.com.
372[*] TARGET server: Apache
373[*] CC: US
374[*] Country: United States
375[*] RegionCode: MI
376[*] RegionName: Michigan
377[*] City: Farmington Hills
378[*] ASN: AS27589
379[*] BGP_PREFIX: 74.206.160.0/19
380[*] ISP: MOJOHOST - MOJOHOST, US
381[INFO] SSL/HTTPS certificate detected
382[*] Issuer: issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
383[*] Subject: subject=CN = boyfun.com
384[ALERT] Let's Encrypt is commonly used for Phishing
385[INFO] DNS enumeration:
457[INFO] Possible abuse mails are:
458[*] abuse@boyfun.com
459[*] abuse@mojohost.com
460[*] abuse@www.boyfun.com
461[INFO] NO PAC (Proxy Auto Configuration) file FOUND
462[ALERT] robots.txt file FOUND in http://www.boyfun.com/robots.txt
463[INFO] Checking for HTTP status codes recursively from http://www.boyfun.com/robots.txt
464[INFO] Status code Folders
465[INFO] Starting FUZZing in http://www.boyfun.com/FUzZzZzZzZz...
466[INFO] Status code Folders
467[ALERT] Look in the source code. It may contain passwords
468
469Recherche 74.206.167.239
470Connexion HTTP à 74.206.167.239
471Envoi de la requête HTTP.
472Requête HTTP envoyée. Attente de réponse.
473HTTP/1.1 301 Moved Permanently
474Transfert de données terminé
475HTTP/1.1 301 Moved Permanently
476Utilisation de https://74.206.167.239/
477Recherche 74.206.167.239
478Connexion HTTPS à 74.206.167.239
479
480lynx : accès impossible au fichier de départ http://74.206.167.239/
481[INFO] Links found from https://www.boyfun.com/warning/ http://74.206.167.239/:
482[*] http://boyfunmodels.com/
483[*] https://members.boyfun.com/
484[*] https://secure.boyfun.com/signup/signup.php?nats=NzA0ODA4LjE5LjUuNS4wLjAuMC4wLjA
485[*] https://www.boyfun.com/
486[*] https://www.boyfun.com/2257/
487[*] https://www.boyfun.com/billing/
488[*] https://www.boyfun.com/featured-videos/
489[*] https://www.boyfun.com/home/
490[*] https://www.boyfun.com/models/
491[*] https://www.boyfun.com/photos/
492[*] https://www.boyfun.com/privacy/
493[*] https://www.boyfun.com/support/
494[*] https://www.boyfun.com/terms/
495[*] https://www.boyfun.com/videos/
496[*] https://www.boyfun.com/warning/#mmenu
497[*] https://www.google.com/
498[*] https://www.xxxrewards.com/
499cut: intervalle de champ incorrecte
500Saisissez « cut --help » pour plus d'informations.
501[INFO] Shodan detected the following opened ports on 74.206.167.239:
502[*] 2019
503[*] 443
504[*] 7
505[*] 80
506[*] 9675
507[INFO] ------VirusTotal SECTION------
508[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
509[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
510[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
511[INFO] ------Alexa Rank SECTION------
512[INFO] Percent of Visitors Rank in Country:
513[INFO] Percent of Search Traffic:
514[INFO] Percent of Unique Visits:
515[INFO] Total Sites Linking In:
516[*] Total Sites
517[INFO] Useful links related to www.boyfun.com - 74.206.167.239:
518[*] https://www.virustotal.com/pt/ip-address/74.206.167.239/information/
519[*] https://www.hybrid-analysis.com/search?host=74.206.167.239
520[*] https://www.shodan.io/host/74.206.167.239
521[*] https://www.senderbase.org/lookup/?search_string=74.206.167.239
522[*] https://www.alienvault.com/open-threat-exchange/ip/74.206.167.239
523[*] http://pastebin.com/search?q=74.206.167.239
524[*] http://urlquery.net/search.php?q=74.206.167.239
525[*] http://www.alexa.com/siteinfo/www.boyfun.com
526[*] http://www.google.com/safebrowsing/diagnostic?site=www.boyfun.com
527[*] https://censys.io/ipv4/74.206.167.239
528[*] https://www.abuseipdb.com/check/74.206.167.239
529[*] https://urlscan.io/search/#74.206.167.239
530[*] https://github.com/search?q=74.206.167.239&type=Code
531[INFO] Useful links related to AS27589 - 74.206.160.0/19:
532[*] http://www.google.com/safebrowsing/diagnostic?site=AS:27589
533[*] https://www.senderbase.org/lookup/?search_string=74.206.160.0/19
534[*] http://bgp.he.net/AS27589
535[*] https://stat.ripe.net/AS27589
536[INFO] Date: 06/12/19 | Time: 03:01:04
537[INFO] Total time: 3 minute(s) and 40 second(s)
538#######################################################################################################################################
539[+] Starting At 2019-12-06 03:01:05.104289
540[+] Collecting Information On: https://www.boyfun.com/
541[#] Status: 200
542--------------------------------------------------
543[#] Web Server Detected: Apache
544[#] X-Powered-By: PHP/7.0.20
545[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
546- Date: Fri, 06 Dec 2019 08:01:06 GMT
547- Server: Apache
548- X-Powered-By: PHP/7.0.20
549- Expires: Thu, 19 Nov 1981 08:52:00 GMT
550- Cache-Control: no-store, no-cache, must-revalidate
551- Pragma: no-cache
552- Vary: User-Agent,Accept-Encoding
553- Content-Encoding: gzip
554- Content-Length: 3635
555- Keep-Alive: timeout=5, max=99
556- Connection: Keep-Alive
557- Content-Type: text/html;charset=utf-8
558--------------------------------------------------
559[#] Finding Location..!
560[#] status: success
561[#] country: United States
562[#] countryCode: US
563[#] region: MI
564[#] regionName: Michigan
565[#] city: Farmington Hills
566[#] zip: 48334
567[#] lat: 42.5203
568[#] lon: -83.3413
569[#] timezone: America/Detroit
570[#] isp: MOJOHOST
571[#] org: Mojohost VL655 MOJO-LVS-LB
572[#] as: AS27589 MOJOHOST
573[#] query: 74.206.167.239
574--------------------------------------------------
575[x] Didn't Detect WAF Presence on: https://www.boyfun.com/warning/
576--------------------------------------------------
577[#] Starting Reverse DNS
578[!] Found 7 any Domain
579- boyfun.com
580- karups.com
581- karupsha.com
582- karupsow.com
583- karupspc.com
584- members.karups.com
585- www.karups.com
586--------------------------------------------------
587[!] Scanning Open Port
588[#] 80/tcp open http
589[#] 443/tcp open https
590--------------------------------------------------
591[+] Collecting Information Disclosure!
592[#] Detecting sitemap.xml file
593[-] sitemap.xml file not Found!?
594[#] Detecting robots.txt file
595[!] robots.txt File Found: https://www.boyfun.com//robots.txt
596[#] Detecting GNU Mailman
597[!] Done At 2019-12-06 03:01:58.288403
598#######################################################################################################################################
599Trying "boyfun.com"
600;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52279
601;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 2
602
603;; QUESTION SECTION:
604;boyfun.com. IN ANY
605
606;; ANSWER SECTION:
607boyfun.com. 60 IN MX 5 mail.boyfun.com.
608boyfun.com. 60 IN A 74.206.167.239
609boyfun.com. 60 IN SOA ns1.mojohost.com. postmaster.mojohost.com. 2019052001 28800 14400 3600000 86400
610boyfun.com. 60 IN NS ns1.mojohost.com.
611boyfun.com. 60 IN NS ns2.mojohost.com.
612
613;; ADDITIONAL SECTION:
614ns1.mojohost.com. 20392 IN A 64.59.64.2
615ns2.mojohost.com. 20392 IN A 64.59.65.2
616
617Received 189 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 111 ms
618#######################################################################################################################################
619; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace boyfun.com any
620;; global options: +cmd
621. 80328 IN NS b.root-servers.net.
622. 80328 IN NS l.root-servers.net.
623. 80328 IN NS a.root-servers.net.
624. 80328 IN NS k.root-servers.net.
625. 80328 IN NS h.root-servers.net.
626. 80328 IN NS e.root-servers.net.
627. 80328 IN NS m.root-servers.net.
628. 80328 IN NS g.root-servers.net.
629. 80328 IN NS j.root-servers.net.
630. 80328 IN NS f.root-servers.net.
631. 80328 IN NS d.root-servers.net.
632. 80328 IN NS i.root-servers.net.
633. 80328 IN NS c.root-servers.net.
635;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 173 ms
636
637com. 172800 IN NS e.gtld-servers.net.
638com. 172800 IN NS b.gtld-servers.net.
639com. 172800 IN NS j.gtld-servers.net.
640com. 172800 IN NS m.gtld-servers.net.
641com. 172800 IN NS i.gtld-servers.net.
642com. 172800 IN NS f.gtld-servers.net.
643com. 172800 IN NS a.gtld-servers.net.
644com. 172800 IN NS g.gtld-servers.net.
645com. 172800 IN NS h.gtld-servers.net.
646com. 172800 IN NS l.gtld-servers.net.
647com. 172800 IN NS k.gtld-servers.net.
648com. 172800 IN NS c.gtld-servers.net.
649com. 172800 IN NS d.gtld-servers.net.
652;; Received 1170 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 47 ms
653
654boyfun.com. 172800 IN NS ns1.mojohost.com.
655boyfun.com. 172800 IN NS ns2.mojohost.com.
660;; Received 665 bytes from 192.5.6.30#53(a.gtld-servers.net) in 179 ms
661
662boyfun.com. 60 IN SOA ns1.mojohost.com. postmaster.mojohost.com. 2019052001 28800 14400 3600000 86400
663boyfun.com. 60 IN NS ns2.mojohost.com.
664boyfun.com. 60 IN NS ns1.mojohost.com.
665boyfun.com. 60 IN MX 5 mail.boyfun.com.
666boyfun.com. 60 IN A 74.206.167.239
667;; Received 216 bytes from 64.59.64.2#53(ns1.mojohost.com) in 278 ms
668#######################################################################################################################################
669[*] Processing domain boyfun.com
670[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
671[+] Getting nameservers
672[-] Getting nameservers failed
673[-] Zone transfer failed
674
[+] MX records found, added to target list
5 mail.boyfun.com.

[+] Wildcard domain found - 74.206.161.199
[*] Scanning boyfun.com for A records
74.206.167.239 - boyfun.com
69.16.175.42 - cdn.boyfun.com
69.16.175.10 - cdn.boyfun.com
74.206.161.214 - cms.boyfun.com
74.206.161.198 - gallery.boyfun.com
74.206.161.196 - mail.boyfun.com
74.206.167.239 - media.boyfun.com
74.206.167.239 - members.boyfun.com
74.206.161.198 - secure.boyfun.com
74.206.167.239 - www.boyfun.com
690
691#######################################################################################################################################
692Parsero scan report for www.boyfun.com
693http://www.boyfun.com/ftp_content/ 301 Moved Permanently
694http://www.boyfun.com/controllers/ 301 Moved Permanently
695http://www.boyfun.com/content/ 301 Moved Permanently
696http://www.boyfun.com/cache/ 301 Moved Permanently
697http://www.boyfun.com/csv_photos/ 301 Moved Permanently
698http://www.boyfun.com/admin/ 301 Moved Permanently
699http://www.boyfun.com/includes/ 301 Moved Permanently
700http://www.boyfun.com/ftp_photos/ 301 Moved Permanently
701http://www.boyfun.com/temp_users_uploads/ 301 Moved Permanently
702http://www.boyfun.com/api/ 301 Moved Permanently
703
704[+] 10 links have been analyzed but any them are available...
705#######################################################################################################################################
706
707 AVAILABLE PLUGINS
708 -----------------
709
710 CertificateInfoPlugin
711 OpenSslCipherSuitesPlugin
712 CompressionPlugin
713 HeartbleedPlugin
714 SessionResumptionPlugin
715 RobotPlugin
716 OpenSslCcsInjectionPlugin
717 HttpHeadersPlugin
718 EarlyDataPlugin
719 SessionRenegotiationPlugin
720 FallbackScsvPlugin
721
722
723
724 CHECKING HOST(S) AVAILABILITY
725 -----------------------------
726
727 74.206.167.239:443 => 74.206.167.239
728
729
730
731
732 SCAN RESULTS FOR 74.206.167.239:443 - 74.206.167.239
733 ----------------------------------------------------
734
735 * Downgrade Attacks:
736 TLS_FALLBACK_SCSV: OK - Supported
737
738 * TLSV1_3 Cipher Suites:
739 Server rejected all cipher suites.
740
741 * Session Renegotiation:
742 Client-initiated Renegotiation: OK - Rejected
743 Secure Renegotiation: OK - Supported
744
745 * TLS 1.2 Session Resumption Support:
746 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
747 With TLS Tickets: OK - Supported
748
749 * OpenSSL Heartbleed:
750 OK - Not vulnerable to Heartbleed
751
752 * TLSV1_1 Cipher Suites:
753 Forward Secrecy OK - Supported
754 RC4 OK - Not Supported
755
756 Preferred:
757 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
758 Accepted:
759 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
760 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
761 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
762 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
763 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
764 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
765 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
766 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
767 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
768 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
769 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
770 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
771 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
772 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
773 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
774 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
775 Undefined - An unexpected error happened:
776 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA timeout - timed out
777
778 * Deflate Compression:
779 OK - Compression disabled
780
781 * TLSV1_2 Cipher Suites:
782 Forward Secrecy OK - Supported
783 RC4 OK - Not Supported
784
785 Preferred:
786 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
787 Accepted:
788 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
789 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
790 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
791 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
792 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
793 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
794 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
795 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
796 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
797 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
798 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
799 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
800 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
801 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
802 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
803 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
804 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
805 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
806 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
807 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
808 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
809 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
810 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
811 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
812 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
813 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
814 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
815 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
816 Undefined - An unexpected error happened:
817 TLS_RSA_WITH_3DES_EDE_CBC_SHA timeout - timed out
818
819 * Certificate Information:
820 Content
821 SHA1 Fingerprint: b71de24912733fa10b01ea0ccd0f27a559876d87
822 Common Name: karupspc.com
823 Issuer: Let's Encrypt Authority X3
824 Serial Number: 288496834081444460112677589840665901370813
825 Not Before: 2019-09-25 01:35:57
826 Not After: 2019-12-24 01:35:57
827 Signature Algorithm: sha256
828 Public Key Algorithm: RSA
829 Key Size: 2048
830 Exponent: 65537 (0x10001)
831 DNS Subject Alternative Names: ['karupspc.com', 'mbtour.karupspc.com', 'www.karupspc.com', 'www3.karupspc.com']
832
833 Trust
834 Hostname Validation: FAILED - Certificate does NOT match 74.206.167.239
835 Android CA Store (9.0.0_r9): OK - Certificate is trusted
836 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
837 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
838 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
839 Windows CA Store (2019-05-27): OK - Certificate is trusted
840 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
841 Received Chain: karupspc.com --> Let's Encrypt Authority X3
842 Verified Chain: karupspc.com --> Let's Encrypt Authority X3 --> DST Root CA X3
843 Received Chain Contains Anchor: OK - Anchor certificate not sent
844 Received Chain Order: OK - Order is valid
845 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
846
847 Extensions
848 OCSP Must-Staple: NOT SUPPORTED - Extension not found
849 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
850
851 OCSP Stapling
852 NOT SUPPORTED - Server did not send back an OCSP response
853
854 * ROBOT Attack:
855 OK - Not vulnerable
856
857 * OpenSSL CCS Injection:
858 OK - Not vulnerable to OpenSSL CCS injection
859
860 * SSLV2 Cipher Suites:
861 Server rejected all cipher suites.
862
863 * SSLV3 Cipher Suites:
864 Server rejected all cipher suites.
865
866 * TLSV1 Cipher Suites:
867 Forward Secrecy OK - Supported
868 RC4 OK - Not Supported
869
870 Preferred:
871 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
872 Accepted:
873 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
874 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
875 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
876 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
877 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
878 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
879 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
880 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
881 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
882 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
883 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
884 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
885 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
886 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
887 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
888 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 301 Moved Permanently - https://www.karupspc.com/
889
890
891 SCAN COMPLETED IN 31.44 S
892 -------------------------
893#######################################################################################################################################
894
895Domains still to check: 1
896 Checking if the hostname boyfun.com. given is in fact a domain...
897
898Analyzing domain: boyfun.com.
899 Checking NameServers using system default resolver...
900 IP: 64.59.64.2 (United States)
901 HostName: ns1.mojohost.com Type: NS
902 HostName: ns1.mojohost.com Type: PTR
903 IP: 64.59.65.2 (United States)
904 HostName: ns2.mojohost.com Type: NS
905 HostName: ns2.mojohost.com Type: PTR
906
907 Checking MailServers using system default resolver...
908 IP: 74.206.161.196 (United States)
909 HostName: mail.boyfun.com Type: MX
910 HostName: mail.eentsupport.com Type: PTR
911 WARNING!! This domain has wildcards activated for hostnames resolution. We are checking "www" anyway, but perhaps it doesn't exists!
912
913 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
914 No zone transfer found on nameserver 64.59.65.2
915 No zone transfer found on nameserver 64.59.64.2
916
917 Checking SPF record...
918 No SPF record
919
920 Checking 1 most common hostnames using system default resolver...
921 IP: 74.206.167.239 (United States)
922 HostName: www.boyfun.com. Type: A
923
924 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
925 Checking netblock 64.59.65.0
926 Checking netblock 74.206.161.0
927 Checking netblock 64.59.64.0
928 Checking netblock 74.206.167.0
929
930 Searching for boyfun.com. emails in Google
931
932 Checking 4 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
933 Host 64.59.65.2 is up (reset ttl 64)
934 Host 74.206.161.196 is up (reset ttl 64)
935 Host 64.59.64.2 is up (reset ttl 64)
936 Host 74.206.167.239 is up (reset ttl 64)
937
938 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
939 Scanning ip 64.59.65.2 (ns2.mojohost.com (PTR)):
940 53/tcp open domain syn-ack ttl 49 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
941 | dns-nsid:
942 |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.2
943 Device type: general purpose|storage-misc|router|WAP|broadband router|media device
944 Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
945 OS Info: Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
946 Scanning ip 74.206.161.196 (mail.eentsupport.com (PTR)):
947 80/tcp open http syn-ack ttl 49 Apache httpd
948 | http-methods:
949 | Supported Methods: GET HEAD POST OPTIONS TRACE
950 |_ Potentially risky methods: TRACE
951 |_http-server-header: Apache
952 |_http-title: Site doesn't have a title (text/html).
953 110/tcp open pop3 syn-ack ttl 49 Dovecot pop3d
954 |_pop3-capabilities: SASL(PLAIN LOGIN) UIDL STLS USER RESP-CODES TOP CAPA PIPELINING
955 |_ssl-date: 2019-12-06T08:13:59+00:00; 0s from scanner time.
956 143/tcp open imap syn-ack ttl 49 Dovecot imapd
957 |_imap-capabilities: LOGIN-REFERRALS LITERAL+ IDLE AUTH=PLAIN IMAP4rev1 completed ID SASL-IR ENABLE STARTTLS OK AUTH=LOGINA0001 Capability
958 |_ssl-date: 2019-12-06T08:13:59+00:00; 0s from scanner time.
959 443/tcp open http syn-ack ttl 49 Apache httpd
960 | http-methods:
961 | Supported Methods: GET HEAD POST OPTIONS TRACE
962 |_ Potentially risky methods: TRACE
963 |_http-server-header: Apache
964 |_http-title: Site doesn't have a title (text/html).
965 465/tcp open ssl/smtps? syn-ack ttl 49
966 |_smtp-commands: Couldn't establish connection on port 465
967 |_ssl-date: 2019-12-06T08:13:58+00:00; -1s from scanner time.
968 587/tcp open smtp syn-ack ttl 49 Postfix smtpd
969 |_smtp-commands: cs2698.mojohost.com, PIPELINING, SIZE 134217728, ETRN, STARTTLS, AUTH PLAIN LOGIN, AUTH=PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
970 |_ssl-date: 2019-12-06T08:13:59+00:00; 0s from scanner time.
971 993/tcp open ssl/imaps? syn-ack ttl 49
972 |_ssl-date: 2019-12-06T08:13:58+00:00; -1s from scanner time.
973 995/tcp open ssl/pop3s? syn-ack ttl 49
974 |_ssl-date: 2019-12-06T08:13:58+00:00; -1s from scanner time.
975 Device type: general purpose|storage-misc|router|broadband router|media device|WAP
976 Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), MikroTik RouterOS 6.X (90%), Netgear RAIDiator 4.X (90%), Infomir embedded (89%)
977 OS Info: Service Info: Host: cs2698.mojohost.com
978 Scanning ip 64.59.64.2 (ns1.mojohost.com (PTR)):
979 53/tcp open domain syn-ack ttl 49 ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
980 | dns-nsid:
981 |_ bind.version: 9.9.4-RedHat-9.9.4-51.el7
982 OS Info: Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
983 Scanning ip 74.206.167.239 (www.boyfun.com.):
984 80/tcp open http syn-ack ttl 49 Apache httpd
985 | http-methods:
986 |_ Supported Methods: GET HEAD POST OPTIONS
987 |_http-server-header: Apache
988 |_http-title: Did not follow redirect to https://74.206.167.239/
989 |_https-redirect: ERROR: Script execution failed (use -d to debug)
990 443/tcp open ssl/http syn-ack ttl 49 Apache httpd
991 | http-methods:
992 |_ Supported Methods: GET HEAD POST OPTIONS
993 |_http-server-header: Apache
994 |_http-title: Did not follow redirect to https://www.karupspc.com/
995 | ssl-cert: Subject: commonName=karupspc.com
996 | Subject Alternative Name: DNS:karupspc.com, DNS:mbtour.karupspc.com, DNS:www.karupspc.com, DNS:www3.karupspc.com
997 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
998 | Public Key type: rsa
999 | Public Key bits: 2048
1000 | Signature Algorithm: sha256WithRSAEncryption
1001 | Not valid before: 2019-09-25T01:35:57
1002 | Not valid after: 2019-12-24T01:35:57
1003 | MD5: 5bc3 605f 9819 87f5 f4bf 5b7a e1a1 5868
1004 |_SHA-1: b71d e249 1273 3fa1 0b01 ea0c cd0f 27a5 5987 6d87
1005 |_ssl-date: 2019-12-06T08:19:30+00:00; 0s from scanner time.
1006 Device type: general purpose|storage-misc|broadband router|router|WAP
1007 Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), MikroTik RouterOS 6.X (90%), Ubiquiti embedded (90%), Ubiquiti AirOS 5.X (89%), AVM FritzOS 6.X (88%), Hitron embedded (88%)
1008 WebCrawling domain's web servers... up to 50 max links.
1009
1010 + URL to crawl: http://mail.boyfun.com
1011 + Date: 2019-12-06
1012
1013 + Crawling URL: http://mail.boyfun.com:
1014 + Links:
1015 + Crawling http://mail.boyfun.com
1016 + Searching for directories...
1017 + Searching open folders...
1018
1019
1020 + URL to crawl: http://mail.boyfun.com:443
1021 + Date: 2019-12-06
1022
1023 + Crawling URL: http://mail.boyfun.com:443:
1024 + Links:
1025 + Crawling http://mail.boyfun.com:443
1026 + Searching for directories...
1027 + Searching open folders...
1028
1029
1030 + URL to crawl: http://www.boyfun.com.
1031 + Date: 2019-12-06
1032
1033 + Crawling URL: http://www.boyfun.com.:
1034 + Links:
1035 + Crawling http://www.boyfun.com.
1036 + Searching for directories...
1037 + Searching open folders...
1038
1039
1040 + URL to crawl: https://www.boyfun.com.
1041 + Date: 2019-12-06
1042
1043 + Crawling URL: https://www.boyfun.com.:
1044 + Links:
1045 + Crawling https://www.boyfun.com.
1046 + Searching for directories...
1047 + Searching open folders...
1048
1049--Finished--
1050Summary information for domain boyfun.com.
1051-----------------------------------------
1052
1053 Domain Ips Information:
1054 IP: 64.59.65.2
1055 HostName: ns2.mojohost.com Type: NS
1056 HostName: ns2.mojohost.com Type: PTR
1057 Country: United States
1058 Is Active: True (reset ttl 64)
1059 Port: 53/tcp open domain syn-ack ttl 49 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1060 Script Info: | dns-nsid:
1061 Script Info: |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.2
1062 Script Info: Device type: general purpose|storage-misc|router|WAP|broadband router|media device
1063 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
1064 Os Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1065 IP: 74.206.161.196
1066 HostName: mail.boyfun.com Type: MX
1067 HostName: mail.eentsupport.com Type: PTR
1068 Country: United States
1069 Is Active: True (reset ttl 64)
1070 Port: 80/tcp open http syn-ack ttl 49 Apache httpd
1071 Script Info: | http-methods:
1072 Script Info: | Supported Methods: GET HEAD POST OPTIONS TRACE
1073 Script Info: |_ Potentially risky methods: TRACE
1074 Script Info: |_http-server-header: Apache
1075 Script Info: |_http-title: Site doesn't have a title (text/html).
1076 Port: 110/tcp open pop3 syn-ack ttl 49 Dovecot pop3d
1077 Script Info: |_pop3-capabilities: SASL(PLAIN LOGIN) UIDL STLS USER RESP-CODES TOP CAPA PIPELINING
1078 Script Info: |_ssl-date: 2019-12-06T08:13:59+00:00; 0s from scanner time.
1079 Port: 143/tcp open imap syn-ack ttl 49 Dovecot imapd
1080 Script Info: |_imap-capabilities: LOGIN-REFERRALS LITERAL+ IDLE AUTH=PLAIN IMAP4rev1 completed ID SASL-IR ENABLE STARTTLS OK AUTH=LOGINA0001 Capability
1081 Script Info: |_ssl-date: 2019-12-06T08:13:59+00:00; 0s from scanner time.
1082 Port: 443/tcp open http syn-ack ttl 49 Apache httpd
1083 Script Info: | http-methods:
1084 Script Info: | Supported Methods: GET HEAD POST OPTIONS TRACE
1085 Script Info: |_ Potentially risky methods: TRACE
1086 Script Info: |_http-server-header: Apache
1087 Script Info: |_http-title: Site doesn't have a title (text/html).
1088 Port: 465/tcp open ssl/smtps? syn-ack ttl 49
1089 Script Info: |_smtp-commands: Couldn't establish connection on port 465
1090 Script Info: |_ssl-date: 2019-12-06T08:13:58+00:00; -1s from scanner time.
1091 Port: 587/tcp open smtp syn-ack ttl 49 Postfix smtpd
1092 Script Info: |_smtp-commands: cs2698.mojohost.com, PIPELINING, SIZE 134217728, ETRN, STARTTLS, AUTH PLAIN LOGIN, AUTH=PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1093 Script Info: |_ssl-date: 2019-12-06T08:13:59+00:00; 0s from scanner time.
1094 Port: 993/tcp open ssl/imaps? syn-ack ttl 49
1095 Script Info: |_ssl-date: 2019-12-06T08:13:58+00:00; -1s from scanner time.
1096 Port: 995/tcp open ssl/pop3s? syn-ack ttl 49
1097 Script Info: |_ssl-date: 2019-12-06T08:13:58+00:00; -1s from scanner time.
1098 Script Info: Device type: general purpose|storage-misc|router|broadband router|media device|WAP
1099 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), MikroTik RouterOS 6.X (90%), Netgear RAIDiator 4.X (90%), Infomir embedded (89%)
1100 Os Info: Host: cs2698.mojohost.com
1101 IP: 64.59.64.2
1102 HostName: ns1.mojohost.com Type: NS
1103 HostName: ns1.mojohost.com Type: PTR
1104 Country: United States
1105 Is Active: True (reset ttl 64)
1106 Port: 53/tcp open domain syn-ack ttl 49 ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
1107 Script Info: | dns-nsid:
1108 Script Info: |_ bind.version: 9.9.4-RedHat-9.9.4-51.el7
1109 Os Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
1110 IP: 74.206.167.239
1111 HostName: www.boyfun.com. Type: A
1112 Country: United States
1113 Is Active: True (reset ttl 64)
1114 Port: 80/tcp open http syn-ack ttl 49 Apache httpd
1115 Script Info: | http-methods:
1116 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1117 Script Info: |_http-server-header: Apache
1118 Script Info: |_http-title: Did not follow redirect to https://74.206.167.239/
1119 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
1120 Port: 443/tcp open ssl/http syn-ack ttl 49 Apache httpd
1121 Script Info: | http-methods:
1122 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1123 Script Info: |_http-server-header: Apache
1124 Script Info: |_http-title: Did not follow redirect to https://www.karupspc.com/
1125 Script Info: | ssl-cert: Subject: commonName=karupspc.com
1126 Script Info: | Subject Alternative Name: DNS:karupspc.com, DNS:mbtour.karupspc.com, DNS:www.karupspc.com, DNS:www3.karupspc.com
1127 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1128 Script Info: | Public Key type: rsa
1129 Script Info: | Public Key bits: 2048
1130 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1131 Script Info: | Not valid before: 2019-09-25T01:35:57
1132 Script Info: | Not valid after: 2019-12-24T01:35:57
1133 Script Info: | MD5: 5bc3 605f 9819 87f5 f4bf 5b7a e1a1 5868
1134 Script Info: |_SHA-1: b71d e249 1273 3fa1 0b01 ea0c cd0f 27a5 5987 6d87
1135 Script Info: |_ssl-date: 2019-12-06T08:19:30+00:00; 0s from scanner time.
1136 Script Info: Device type: general purpose|storage-misc|broadband router|router|WAP
1137 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), MikroTik RouterOS 6.X (90%), Ubiquiti embedded (90%), Ubiquiti AirOS 5.X (89%), AVM FritzOS 6.X (88%), Hitron embedded (88%)
1138
1139--------------End Summary --------------
1140-----------------------------------------
1141
1142
1143#################################################################################################
1144<traceroute to www.boyfun.com (74.206.167.239), 30 hops max, 60 byte packets
1145 1 10.216.200.1 (10.216.200.1) 130.689 ms 130.711 ms 130.714 ms
1146 2 * * *
1147 3 te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49) 135.288 ms 135.396 ms 135.398 ms
1148 4 be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249) 134.929 ms 135.177 ms 135.324 ms
1149 5 be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190) 140.729 ms 140.723 ms 140.711 ms
1150 6 be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105) 162.884 ms 154.089 ms 154.140 ms
1151 7 be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205) 162.864 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209) 163.469 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205) 163.483 ms
1152 8 be12194.ccr41.lon13.atlas.cogentco.com (154.54.56.93) 241.849 ms be12266.ccr42.par01.atlas.cogentco.com (154.54.56.174) 240.557 ms be12488.ccr42.lon13.atlas.cogentco.com (130.117.51.41) 247.156 ms
1153 9 be3628.ccr42.jfk02.atlas.cogentco.com (154.54.27.169) 245.083 ms be2490.ccr42.jfk02.atlas.cogentco.com (154.54.42.85) 249.272 ms be2101.ccr32.bos01.atlas.cogentco.com (154.54.82.38) 241.192 ms
115410 be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106) 250.387 ms 252.752 ms be2807.ccr42.dca01.atlas.cogentco.com (154.54.40.110) 244.739 ms
115511 be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222) 260.073 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158) 258.044 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106) 252.550 ms
115612 be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158) 261.252 ms be3482.ccr21.mia01.atlas.cogentco.com (154.54.24.146) 265.928 ms 271.971 ms
115713 be3400.ccr21.mia03.atlas.cogentco.com (154.54.47.18) 279.213 ms be2027.ccr22.mia03.atlas.cogentco.com (154.54.86.206) 275.095 ms be3483.ccr22.mia01.atlas.cogentco.com (154.54.28.50) 270.665 ms
115814 be3400.ccr21.mia03.atlas.cogentco.com (154.54.47.18) 273.411 ms 38.104.94.210 (38.104.94.210) 269.329 ms 38.104.94.214 (38.104.94.214) 266.867 ms
115915 mia-core1-po2.mojohost.com (64.59.80.98) 275.060 ms mia-core2-po3.mojohost.com (64.59.80.102) 275.398 ms mia-core1-po2.mojohost.com (64.59.80.98) 275.653 ms
116016 mia-core1-po2.mojohost.com (64.59.80.98) 273.492 ms mia-core1-po4.mojohost.com (64.59.80.106) 271.252 ms *
1161#################################################################################################
1162----- boyfun.com -----
1163
1164
1165Host's addresses:
1166__________________
1167
1168boyfun.com. 60 IN A 74.206.167.239
1169
1170
1171Wildcard detection using: btaglzehwlpn
1172_______________________________________
1173
1174btaglzehwlpn.boyfun.com. 60 IN A 74.206.161.199
1175
1176
1177!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1178
1179 Wildcards detected, all subdomains will point to the same IP address
1180 Omitting results containing 74.206.161.199.
1181 Maybe you are using OpenDNS servers.
1182
1183!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1184
1185
1186Name Servers:
1187______________
1188
1189ns1.mojohost.com. 85160 IN A 64.59.64.2
1190ns2.mojohost.com. 85163 IN A 64.59.65.2
1191
1192
1193Mail (MX) Servers:
1194___________________
1195
1196mail.boyfun.com. 59 IN A 74.206.161.196
1197
1198
1199Scraping boyfun.com subdomains from Google:
1200____________________________________________
1201
1202
1203 ---- Google search page: 1 ----
1204
1205 models
1206 blog
1207 ww
1208 nntxtwww
1209 wwww
1210 httpwww
1211
1212 ---- Google search page: 2 ----
1213
1214 www3
1215 w
1216 exclusiveto
1217 models
1218 models
1219 join
1220 models
1221 models
1222 join
1223
1224
1225Google Results:
1226________________
1227
1228join.boyfun.com. 60 IN A 74.206.161.198
1229
1230
1231Brute forcing with /usr/share/dnsenum/dns.txt:
1232_______________________________________________
1233
1234mail.boyfun.com. 60 IN A 74.206.161.196
1235members.boyfun.com. 60 IN A 74.206.167.239
1236secure.boyfun.com. 60 IN A 74.206.161.198
1237www.boyfun.com. 60 IN A 74.206.167.239
1238
1239
1240Launching Whois Queries:
1241_________________________
1242
1243 whois ip result: 74.206.167.0 -> 74.206.167.0/26
1244 whois ip result: 74.206.161.0 -> 74.206.161.0/26
1245
1246
1247boyfun.com__________
1248
1249 74.206.161.0/26
1250 74.206.167.0/26
1251
1252#################################################################################################
1253WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1254Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 03:03 EST
1255Nmap scan report for 74.206.167.239
1256Host is up (0.22s latency).
1257Not shown: 490 filtered ports, 4 closed ports
1258Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1259PORT STATE SERVICE
126080/tcp open http
1261443/tcp open https
1262
1263Nmap done: 1 IP address (1 host up) scanned in 13.36 seconds
1264##################################################################################################
1265Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 03:03 EST
1266Nmap scan report for 74.206.167.239
1267Host is up (0.13s latency).
1268Not shown: 2 filtered ports
1269PORT STATE SERVICE
127053/udp open|filtered domain
127167/udp open|filtered dhcps
127268/udp open|filtered dhcpc
127369/udp open|filtered tftp
127488/udp open|filtered kerberos-sec
1275123/udp open|filtered ntp
1276139/udp open|filtered netbios-ssn
1277161/udp open|filtered snmp
1278162/udp open|filtered snmptrap
1279389/udp open|filtered ldap
1280500/udp open|filtered isakmp
1281520/udp open|filtered route
12822049/udp open|filtered nfs
1283
1284Nmap done: 1 IP address (1 host up) scanned in 4.19 seconds
1285##################################################################################################
1286HTTP/1.1 301 Moved Permanently
1287Date: Fri, 06 Dec 2019 08:03:44 GMT
1288Server: Apache
1289Location: https://74.206.167.239/
1290Vary: Accept-Encoding
1291Content-Type: text/html; charset=iso-8859-1
1292#################################################################################################
1293http://74.206.167.239 [301 Moved Permanently] Apache, Country[UNITED STATES][US], HTTPServer[Apache], IP[74.206.167.239], RedirectLocation[https://74.206.167.239/], Title[301 Moved Permanently]
1294https://74.206.167.239/ [301 Moved Permanently] Apache, Country[UNITED STATES][US], HTTPServer[Apache], IP[74.206.167.239], RedirectLocation[https://www.karupspc.com/], Title[301 Moved Permanently]
1295https://www.karupspc.com/ [200 OK] Apache, Cookies[PHPSESSID], Country[UNITED STATES][US], HTML5, HTTPServer[Apache], IP[74.206.167.239], JQuery[1.11.3], PHP[7.0.20], Script, Title[Karups Private Collection Home], X-Powered-By[PHP/7.0.20]
1296###################################################################################################
1297Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 03:04 EST
1298NSE: Loaded 163 scripts for scanning.
1299NSE: Script Pre-scanning.
1300Initiating NSE at 03:04
1301Completed NSE at 03:04, 0.00s elapsed
1302Initiating NSE at 03:04
1303Completed NSE at 03:04, 0.00s elapsed
1304Initiating Parallel DNS resolution of 1 host. at 03:04
1305Completed Parallel DNS resolution of 1 host. at 03:04, 0.02s elapsed
1306Initiating SYN Stealth Scan at 03:04
1307Scanning 74.206.167.239 [1 port]
1308Discovered open port 80/tcp on 74.206.167.239
1309Completed SYN Stealth Scan at 03:04, 0.32s elapsed (1 total ports)
1310Initiating Service scan at 03:04
1311Scanning 1 service on 74.206.167.239
1312Completed Service scan at 03:05, 6.55s elapsed (1 service on 1 host)
1313Initiating OS detection (try #1) against 74.206.167.239
1314Retrying OS detection (try #2) against 74.206.167.239
1315Initiating Traceroute at 03:05
1316Completed Traceroute at 03:05, 3.17s elapsed
1317Initiating Parallel DNS resolution of 14 hosts. at 03:05
1318Completed Parallel DNS resolution of 14 hosts. at 03:05, 2.83s elapsed
1319NSE: Script scanning 74.206.167.239.
1320Initiating NSE at 03:05
1321NSE: [http-wordpress-enum 74.206.167.239:80] got no answers from pipelined queries
1322Completed NSE at 03:06, 69.71s elapsed
1323Initiating NSE at 03:06
1324Completed NSE at 03:06, 2.71s elapsed
1325Nmap scan report for 74.206.167.239
1326Host is up (0.26s latency).
1327
1328PORT STATE SERVICE VERSION
132980/tcp open http Apache httpd
1330| http-brute:
1331|_ Path "/" does not require authentication
1332|_http-chrono: Request times for /; avg: 840.72ms; min: 600.76ms; max: 1612.85ms
1333|_http-csrf: Couldn't find any CSRF vulnerabilities.
1334|_http-date: Fri, 06 Dec 2019 08:05:35 GMT; 0s from local time.
1335|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1336|_http-dombased-xss: Couldn't find any DOM based XSS.
1337|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1338|_http-errors: Couldn't find any error pages.
1339|_http-feed: Couldn't find any feeds.
1340|_http-fetch: Please enter the complete path of the directory to save data in.
1341| http-grep:
1342| (1) https://74.206.167.239:443/:
1343| (1) ip:
1344|_ + 74.206.167.239
1345| http-headers:
1346| Date: Fri, 06 Dec 2019 08:05:37 GMT
1347| Server: Apache
1348| Location: https://74.206.167.239/
1349| Vary: Accept-Encoding
1350| Content-Length: 231
1351| Connection: close
1352| Content-Type: text/html; charset=iso-8859-1
1353|
1354|_ (Request type: GET)
1355|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1356| http-methods:
1357|_ Supported Methods: GET OPTIONS
1358|_http-mobileversion-checker: No mobile version detected.
1359|_http-passwd: ERROR: Script execution failed (use -d to debug)
1360| http-security-headers:
1361| Cache_Control:
1362| Header: Cache-Control: no-store, no-cache, must-revalidate
1363| Pragma:
1364| Header: Pragma: no-cache
1365| Expires:
1366|_ Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT
1367|_http-server-header: Apache
1368| http-sitemap-generator:
1369| Directory structure:
1370| Longest directory structure:
1371| Depth: 0
1372| Dir: /
1373| Total files found (by extension):
1374|_
1375|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1376|_http-title: Did not follow redirect to https://74.206.167.239/
1377| http-trace: TRACE is enabled
1378| Headers:
1379| Date: Fri, 06 Dec 2019 08:05:18 GMT
1380| Server: Apache
1381| Connection: close
1382| Transfer-Encoding: chunked
1383|_Content-Type: message/http
1384|_http-traceroute: ERROR: Script execution failed (use -d to debug)
1385| http-vhosts:
1386| 107 names had status 301
1387|_20 names had status ERROR
1388|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1389|_http-xssed: No previously reported XSS vuln.
1390|_https-redirect: ERROR: Script execution failed (use -d to debug)
1391| vulscan: VulDB - https://vuldb.com:
1437| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
1438| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
1439| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
1440| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
1441| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
1442| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
1795| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
1796| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
1797| [108935] Apple macOS up to 10.13.1 apache denial of service
1798| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
1799| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
1800| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
1801| [108931] Apple macOS up to 10.13.1 apache denial of service
1802| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
1803| [108929] Apple macOS up to 10.13.1 apache denial of service
1804| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
1805| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
1806| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
1807| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
1808| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
2167| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
2168| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
2169| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
2170| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
2171| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
2172| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
2173| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
2174| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
2175| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
2176| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
2177| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
2178| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
2179| [82076] Apache Ranger up to 0.5.1 privilege escalation
2180| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
2181| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
2182| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
2183| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
2184| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
2185| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
2186| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
2187| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
2188| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
2189| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
2190| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
2191| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
2192| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
2193| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
2194| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
2195| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
2196| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
2197| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
2198| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
2199| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
2200| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
2201| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
2202| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
2203| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
2204| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
2205| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
2206| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
2207| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
2208| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
2209| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
2210| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
2211| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
2212| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
2213| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
2214| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
2215| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
2216| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
2217| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
2218| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
2219| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
2220| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
2221| [79791] Cisco Products Apache Commons Collections Library privilege escalation
2222| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
2223| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
2224| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
2225| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
2226| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
2227| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
2228| [78989] Apache Ambari up to 2.1.1 Open Redirect
2229| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
2230| [78987] Apache Ambari up to 2.0.x cross site scripting
2231| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
2232| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
2233| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
2234| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2235| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2236| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2237| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2238| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2239| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
2240| [77406] Apache Flex BlazeDS AMF Message XML External Entity
2241| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
2242| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
2243| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
2244| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
2245| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
2246| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
2247| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
2248| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
2249| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
2250| [76567] Apache Struts 2.3.20 unknown vulnerability
2251| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
2252| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
2253| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
2254| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
2255| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
2256| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
2257| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
2258| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
2259| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
2260| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
2261| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
2262| [74793] Apache Tomcat File Upload denial of service
2263| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
2264| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
2265| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
2266| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
2267| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
2268| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
2269| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
2270| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
2271| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
2272| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
2273| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
2274| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
2275| [74468] Apache Batik up to 1.6 denial of service
2276| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
2277| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
2278| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
2279| [74174] Apache WSS4J up to 2.0.0 privilege escalation
2280| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
2281| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
2282| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
2283| [73731] Apache XML Security unknown vulnerability
2284| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
2285| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
2286| [73593] Apache Traffic Server up to 5.1.0 denial of service
2287| [73511] Apache POI up to 3.10 Deadlock denial of service
2288| [73510] Apache Solr up to 4.3.0 cross site scripting
2289| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
2290| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
2291| [73173] Apache CloudStack Stack-Based unknown vulnerability
2292| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
2293| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
2294| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
2295| [72890] Apache Qpid 0.30 unknown vulnerability
2296| [72887] Apache Hive 0.13.0 File Permission privilege escalation
2297| [72878] Apache Cordova 3.5.0 cross site request forgery
2298| [72877] Apache Cordova 3.5.0 cross site request forgery
2299| [72876] Apache Cordova 3.5.0 cross site request forgery
2300| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
2301| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
2302| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
2303| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
2304| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
2305| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
2306| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
2307| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
2308| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
2309| [71629] Apache Axis2/C spoofing
2310| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
2311| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
2312| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
2313| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
2314| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
2315| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
2316| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
2317| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
2318| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
2319| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
2320| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
2321| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
2322| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
2323| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
2324| [70809] Apache POI up to 3.11 Crash denial of service
2325| [70808] Apache POI up to 3.10 unknown vulnerability
2326| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
2327| [70749] Apache Axis up to 1.4 getCN spoofing
2328| [70701] Apache Traffic Server up to 3.3.5 denial of service
2329| [70700] Apache OFBiz up to 12.04.03 cross site scripting
2330| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
2331| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
2332| [70661] Apache Subversion up to 1.6.17 denial of service
2333| [70660] Apache Subversion up to 1.6.17 spoofing
2334| [70659] Apache Subversion up to 1.6.17 spoofing
2335| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
2336| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
2337| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
2338| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
2339| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
2340| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
2341| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
2342| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
2343| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
2344| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
2345| [69846] Apache HBase up to 0.94.8 information disclosure
2346| [69783] Apache CouchDB up to 1.2.0 memory corruption
2347| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
2348| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
2349| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
2350| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
2351| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
2352| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
2353| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
2354| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
2355| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
2356| [69431] Apache Archiva up to 1.3.6 cross site scripting
2357| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
2358| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
2359| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
2360| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
2361| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
2362| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
2363| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
2364| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
2365| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
2366| [66739] Apache Camel up to 2.12.2 unknown vulnerability
2367| [66738] Apache Camel up to 2.12.2 unknown vulnerability
2368| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
2369| [66695] Apache CouchDB up to 1.2.0 cross site scripting
2370| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
2371| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
2372| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
2373| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
2374| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
2375| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
2376| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
2377| [66356] Apache Wicket up to 6.8.0 information disclosure
2378| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
2379| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
2380| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
2381| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
2382| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
2383| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
2384| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
2385| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
2386| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
2387| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
2388| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
2389| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
2390| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
2391| [65668] Apache Solr 4.0.0 Updater denial of service
2392| [65665] Apache Solr up to 4.3.0 denial of service
2393| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
2394| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
2395| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
2396| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
2397| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
2398| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
2399| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
2400| [65410] Apache Struts 2.3.15.3 cross site scripting
2401| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
2402| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
2403| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
2404| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
2405| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
2406| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
2407| [65340] Apache Shindig 2.5.0 information disclosure
2408| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
2409| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
2410| [10826] Apache Struts 2 File privilege escalation
2411| [65204] Apache Camel up to 2.10.1 unknown vulnerability
2412| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
2413| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
2414| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
2415| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
2416| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
2417| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
2418| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
2419| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
2420| [64722] Apache XML Security for C++ Heap-based memory corruption
2421| [64719] Apache XML Security for C++ Heap-based memory corruption
2422| [64718] Apache XML Security for C++ verify denial of service
2423| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
2424| [64716] Apache XML Security for C++ spoofing
2425| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
2426| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
2427| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
2428| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
2429| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
2430| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
2431| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
2432| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
2433| [64485] Apache Struts up to 2.2.3.0 privilege escalation
2434| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
2435| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
2436| [64467] Apache Geronimo 3.0 memory corruption
2437| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
2438| [64457] Apache Struts up to 2.2.3.0 cross site scripting
2439| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
2440| [9184] Apache Qpid up to 0.20 SSL misconfiguration
2441| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
2442| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
2443| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
2444| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
2445| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
2446| [8873] Apache Struts 2.3.14 privilege escalation
2447| [8872] Apache Struts 2.3.14 privilege escalation
2448| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
2449| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
2450| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
2451| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
2452| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
2453| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
2454| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
2455| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
2456| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
2457| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
2458| [64006] Apache ActiveMQ up to 5.7.0 denial of service
2459| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
2460| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
2461| [8427] Apache Tomcat Session Transaction weak authentication
2462| [63960] Apache Maven 3.0.4 Default Configuration spoofing
2463| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
2464| [63750] Apache qpid up to 0.20 checkAvailable denial of service
2465| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
2466| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
2467| [63747] Apache Rave up to 0.20 User Account information disclosure
2468| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
2469| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
2470| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
2471| [7687] Apache CXF up to 2.7.2 Token weak authentication
2472| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
2473| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
2474| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
2475| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
2476| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
2477| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
2478| [63090] Apache Tomcat up to 4.1.24 denial of service
2479| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
2480| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
2481| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
2482| [62833] Apache CXF -/2.6.0 spoofing
2483| [62832] Apache Axis2 up to 1.6.2 spoofing
2484| [62831] Apache Axis up to 1.4 Java Message Service spoofing
2485| [62830] Apache Commons-httpclient 3.0 Payments spoofing
2486| [62826] Apache Libcloud up to 0.11.0 spoofing
2487| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
2488| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
2489| [62661] Apache Axis2 unknown vulnerability
2490| [62658] Apache Axis2 unknown vulnerability
2491| [62467] Apache Qpid up to 0.17 denial of service
2492| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
2493| [6301] Apache HTTP Server mod_pagespeed cross site scripting
2494| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
2495| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
2496| [62035] Apache Struts up to 2.3.4 denial of service
2497| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
2498| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
2499| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
2500| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
2501| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
2502| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
2503| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
2504| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
2505| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
2506| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
2507| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
2508| [61229] Apache Sling up to 2.1.1 denial of service
2509| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
2510| [61094] Apache Roller up to 5.0 cross site scripting
2511| [61093] Apache Roller up to 5.0 cross site request forgery
2512| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
2513| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
2514| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
2515| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
2516| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
2517| [60708] Apache Qpid 0.12 unknown vulnerability
2518| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
2519| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
2520| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
2521| [4882] Apache Wicket up to 1.5.4 directory traversal
2522| [4881] Apache Wicket up to 1.4.19 cross site scripting
2523| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
2524| [60352] Apache Struts up to 2.2.3 memory corruption
2525| [60153] Apache Portable Runtime up to 1.4.3 denial of service
2526| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
2527| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
2528| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
2529| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
2530| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
2531| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
2532| [4571] Apache Struts up to 2.3.1.2 privilege escalation
2533| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
2534| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
2535| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
2536| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
2537| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
2538| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
2539| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
2540| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
2541| [59888] Apache Tomcat up to 6.0.6 denial of service
2542| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
2543| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
2544| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
2545| [59850] Apache Geronimo up to 2.2.1 denial of service
2546| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
2547| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
2548| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
2549| [58413] Apache Tomcat up to 6.0.10 spoofing
2550| [58381] Apache Wicket up to 1.4.17 cross site scripting
2551| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
2552| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
2553| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
2554| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
2555| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2556| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
2557| [57568] Apache Archiva up to 1.3.4 cross site scripting
2558| [57567] Apache Archiva up to 1.3.4 cross site request forgery
2559| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
2560| [4355] Apache HTTP Server APR apr_fnmatch denial of service
2561| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
2562| [57425] Apache Struts up to 2.2.1.1 cross site scripting
2563| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
2564| [57025] Apache Tomcat up to 7.0.11 information disclosure
2565| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
2566| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
2567| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2568| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
2569| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
2570| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
2571| [56512] Apache Continuum up to 1.4.0 cross site scripting
2572| [4285] Apache Tomcat 5.x JVM getLocale denial of service
2573| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
2574| [4283] Apache Tomcat 5.x ServletContext privilege escalation
2575| [56441] Apache Tomcat up to 7.0.6 denial of service
2576| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
2577| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
2578| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
2579| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
2580| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
2581| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
2582| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
2583| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
2584| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
2585| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
2586| [54693] Apache Traffic Server DNS Cache unknown vulnerability
2587| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
2588| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
2589| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
2590| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
2591| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
2592| [54012] Apache Tomcat up to 6.0.10 denial of service
2593| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
2594| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
2595| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
2596| [52894] Apache Tomcat up to 6.0.7 information disclosure
2597| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
2598| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
2599| [52786] Apache Open For Business Project up to 09.04 cross site scripting
2600| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
2601| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
2602| [52584] Apache CouchDB up to 0.10.1 information disclosure
2603| [51757] Apache HTTP Server 2.0.44 cross site scripting
2604| [51756] Apache HTTP Server 2.0.44 spoofing
2605| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
2606| [51690] Apache Tomcat up to 6.0 directory traversal
2607| [51689] Apache Tomcat up to 6.0 information disclosure
2608| [51688] Apache Tomcat up to 6.0 directory traversal
2609| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
2610| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
2611| [50626] Apache Solr 1.0.0 cross site scripting
2612| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
2613| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
2614| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
2615| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
2616| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
2617| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
2618| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
2619| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
2620| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
2621| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
2622| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
2623| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
2624| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
2625| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
2626| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
2627| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
2628| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
2629| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
2630| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
2631| [47214] Apachefriends xampp 1.6.8 spoofing
2632| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
2633| [47162] Apachefriends XAMPP 1.4.4 weak authentication
2634| [47065] Apache Tomcat 4.1.23 cross site scripting
2635| [46834] Apache Tomcat up to 5.5.20 cross site scripting
2636| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
2637| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
2638| [86625] Apache Struts directory traversal
2639| [44461] Apache Tomcat up to 5.5.0 information disclosure
2640| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
2641| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
2642| [43663] Apache Tomcat up to 6.0.16 directory traversal
2643| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
2644| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
2645| [43516] Apache Tomcat up to 4.1.20 directory traversal
2646| [43509] Apache Tomcat up to 6.0.13 cross site scripting
2647| [42637] Apache Tomcat up to 6.0.16 cross site scripting
2648| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
2649| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
2650| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
2651| [40924] Apache Tomcat up to 6.0.15 information disclosure
2652| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
2653| [40922] Apache Tomcat up to 6.0 information disclosure
2654| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
2655| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
2656| [40656] Apache Tomcat 5.5.20 information disclosure
2657| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
2658| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
2659| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
2660| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
2661| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
2662| [40234] Apache Tomcat up to 6.0.15 directory traversal
2663| [40221] Apache HTTP Server 2.2.6 information disclosure
2664| [40027] David Castro Apache Authcas 0.4 sql injection
2665| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
2666| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
2667| [3414] Apache Tomcat WebDAV Stored privilege escalation
2668| [39489] Apache Jakarta Slide up to 2.1 directory traversal
2669| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
2670| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
2671| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
2672| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
2673| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
2674| [38524] Apache Geronimo 2.0 unknown vulnerability
2675| [3256] Apache Tomcat up to 6.0.13 cross site scripting
2676| [38331] Apache Tomcat 4.1.24 information disclosure
2677| [38330] Apache Tomcat 4.1.24 information disclosure
2678| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
2679| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
2680| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
2681| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
2682| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
2683| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
2684| [37292] Apache Tomcat up to 5.5.1 cross site scripting
2685| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
2686| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
2687| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
2688| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
2689| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
2690| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
2691| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
2692| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
2693| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
2694| [36225] XAMPP Apache Distribution 1.6.0a sql injection
2695| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
2696| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
2697| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
2698| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
2699| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
2700| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
2701| [34252] Apache HTTP Server denial of service
2702| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
2703| [33877] Apache Opentaps 0.9.3 cross site scripting
2704| [33876] Apache Open For Business Project unknown vulnerability
2705| [33875] Apache Open For Business Project cross site scripting
2706| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
2707| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
2708|
2709| MITRE CVE - https://cve.mitre.org:
2710| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
2711| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
2712| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
2713| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
2714| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
2715| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
2716| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
2717| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
2718| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
2719| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
2720| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
2721| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
2722| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
2723| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
2724| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
2725| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
2726| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
2727| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
2728| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
2729| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
2730| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
2731| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
2732| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
2733| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
2734| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
2735| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
2736| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
2737| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
2738| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
2739| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
2740| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2741| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
2742| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
2743| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
2744| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
2745| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
2746| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
2747| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
2748| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
2749| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
2750| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
2751| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2752| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2753| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2754| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2755| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
2756| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
2757| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
2758| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
2759| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
2760| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
2761| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
2762| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
2763| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
2764| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
2765| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
2766| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
2767| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
2768| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
2769| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
2770| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
2771| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
2772| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
2773| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
2774| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2775| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
2776| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
2777| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
2778| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
2779| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
2780| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
2781| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
2782| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
2783| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
2784| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
2785| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
2786| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
2787| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
2788| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
2789| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
2790| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
2791| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
2792| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
2793| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
2794| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
2795| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
2796| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
2797| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
2798| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
2799| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
2800| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
2801| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
2802| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
2803| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
2804| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
2805| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
2806| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
2807| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
2808| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
2809| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
2810| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
2811| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
2812| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
2813| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
2814| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
2815| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
2816| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
2817| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
2818| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
2819| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
2820| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
2821| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
2822| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
2823| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
2824| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
2825| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
2826| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
2827| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
2828| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
2829| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
2830| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
2831| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
2832| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
2833| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
2834| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
2835| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
2836| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
2837| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
2838| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
2839| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
2840| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
2841| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
2842| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
2843| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
2844| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
2845| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
2846| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
2847| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
2848| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
2849| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
2850| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
2851| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
2852| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
2853| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
2854| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
2855| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
2856| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
2857| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
2858| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
2859| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
2860| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
2861| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
2862| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
2863| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
2864| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
2865| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
2866| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
2867| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
2868| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
2869| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
2870| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
2871| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
2872| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
2873| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2874| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
2875| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
2876| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
2877| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
2878| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
2879| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
2880| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
2881| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
2882| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
2883| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
2884| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
2885| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
2886| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
2887| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
2888| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
2889| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2890| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
2891| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
2892| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
2893| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
2894| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
2895| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
2896| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
2897| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
2898| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
2899| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
2900| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
2901| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
2902| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
2903| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
2904| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
2905| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
2906| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
2907| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
2908| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
2909| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
2910| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
2911| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
2912| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
2913| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
2914| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
2915| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
2916| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
2917| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
2918| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
2919| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
2920| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
2921| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
2922| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
2923| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
2924| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
2925| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
2926| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
2927| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
2928| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
2929| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
2930| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2931| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
2932| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
2933| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
2934| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
2935| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
2936| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
2937| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
2938| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
2939| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
2940| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
2941| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
2942| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
2943| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
2944| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
2945| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
2946| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
2947| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
2948| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
2949| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
2950| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
2951| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
2952| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
2953| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
2954| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
2955| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
2956| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
2957| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
2958| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
2959| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
2960| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
2961| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
2962| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
2963| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
2964| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
2965| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
2966| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
2967| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
2968| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
2969| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
2970| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
2971| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
2972| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
2973| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
2974| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
2975| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
2976| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
2977| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
2978| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
2979| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
2980| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
2981| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
2982| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
2983| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
2984| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
2985| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
2986| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
2987| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
2988| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
2989| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
2990| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
2991| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
2992| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
2993| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
2994| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
2995| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
2996| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
2997| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
2998| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
2999| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
3000| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
3001| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
3002| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
3003| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3004| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3005| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
3006| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
3007| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
3008| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
3009| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
3010| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
3011| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
3012| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
3013| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
3014| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
3015| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3016| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3017| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
3018| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
3019| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
3020| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3021| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
3022| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
3023| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
3024| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
3025| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
3026| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
3027| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
3028| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
3029| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3030| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
3031| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
3032| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
3033| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
3034| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3035| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3036| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3037| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3038| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3039| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3040| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3041| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3042| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3043| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3044| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3045| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3046| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3047| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3048| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3049| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3050| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3051| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3052| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3053| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3054| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3055| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3056| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3057| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3058| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3059| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3060| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3061| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3062| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3063| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3064| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3065| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3066| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3067| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3068| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3069| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3070| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3071| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3072| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3073| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3074| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3075| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3076| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3077| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3078| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3079| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3080| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3081| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3082| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3083| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3084| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3085| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3086| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
3087| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3088| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3089| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3090| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3091| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3092| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3093| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3094| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3095| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3096| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3097| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3098| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3099| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3100| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3101| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3102| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3103| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3104| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3105| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3106| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3107| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3108| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3109| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3110| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3111| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3112| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3113| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3114| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3115| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3116| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3117| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3118| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3119| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3120| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3121| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3122| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3123| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3124| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3125| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3126| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3127| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3128| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3129| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3130| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3131| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
3132| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3133| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
3134| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
3135| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
3136| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
3137| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
3138| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
3139| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
3140| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
3141| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
3142| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
3143| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
3144| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
3145| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
3146| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
3147| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
3148| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
3149| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
3150| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3151| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
3152| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3153| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3154| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3155| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
3156| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
3157| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
3158| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
3159| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
3160| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
3161| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
3162| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
3163| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
3164| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
3165| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3166| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3167| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3168| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3169| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3170| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3171| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3172| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3173| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3174| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3175| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3176| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3177| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3178| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3179| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3180| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3181| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3182| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3183| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3184| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3185| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3186| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3187| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3188| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3189| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3190| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3191| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3192| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3193| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3194| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3195| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3196| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3197| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3198| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3199| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3200| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3201| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3202| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3203| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
3204| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3205| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3206| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3207| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3208| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
3209| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
3210| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
3211| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
3212| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
3213| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
3214| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
3215| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
3216| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
3217| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
3218| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
3219| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
3220| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
3221| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
3222| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
3223| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
3224| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
3225| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
3226| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
3227| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
3228| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
3229| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
3230| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
3231| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
3232| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
3233| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
3234| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
3235| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
3236| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
3237| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
3238| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
3239| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3240| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
3241| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
3242| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
3243| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
3244| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3245| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3246| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3247| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3248| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3249| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3250| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3251| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3252| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3253| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3254| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3255| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3256| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3257| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3258| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3259| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3260| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3261| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3262| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3263| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3264| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3265| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3266| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3267| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3268| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3269| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3270| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3271| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3272| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3273| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3274| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3275| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3276| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3277| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3278| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3279| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3280| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3281| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3282| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3283| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3284| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3285| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3286| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3287| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3288| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3289| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3290| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3291| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3292| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3293| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3294| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
3295| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3296| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3297| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3298| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3299| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3300| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
3301| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3302| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3303| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3304| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3305| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3306| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3307| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3308| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3309| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3310| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3311| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3312| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3313| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3314| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3315| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3316| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3317| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3318| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3319|
3320| SecurityFocus - https://www.securityfocus.com/bid/:
3321| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3322| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3323| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3324| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3325| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3326| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3327| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3328| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3329| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3330| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3331| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3332| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3333| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3334| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3335| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3336| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3337| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3338| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3339| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3340| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3341| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3342| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3343| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3344| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3345| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3346| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3347| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3348| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3349| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3350| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3351| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3352| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3353| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3354| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3355| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
3356| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
3357| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
3358| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
3359| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
3360| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
3361| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
3362| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
3363| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
3364| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
3365| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
3366| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
3367| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
3368| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
3369| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
3370| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
3371| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
3372| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
3373| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
3374| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
3375| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
3376| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
3377| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
3378| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
3379| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
3380| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
3381| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
3382| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
3383| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
3384| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
3385| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
3386| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
3387| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
3388| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
3389| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
3390| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
3391| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
3392| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
3393| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
3394| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
3395| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
3396| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
3397| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
3398| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
3399| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
3400| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
3401| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
3402| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
3403| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
3404| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
3405| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
3406| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
3407| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
3408| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
3409| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
3410| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
3411| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
3412| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
3413| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
3414| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
3415| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
3416| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
3417| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
3418| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
3419| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
3420| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
3421| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
3422| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
3423| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
3424| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
3425| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
3426| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
3427| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
3428| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
3429| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
3430| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
3431| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
3432| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
3433| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
3434| [100447] Apache2Triad Multiple Security Vulnerabilities
3435| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
3436| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
3437| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
3438| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
3439| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
3440| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
3441| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
3442| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
3443| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
3444| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
3445| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
3446| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
3447| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
3448| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
3449| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
3450| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
3451| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
3452| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
3453| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
3454| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
3455| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
3456| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
3457| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
3458| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
3459| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
3460| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
3461| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
3462| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
3463| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
3464| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
3465| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
3466| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
3467| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
3468| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
3469| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
3470| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
3471| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
3472| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
3473| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
3474| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
3475| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
3476| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
3477| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
3478| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
3479| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
3480| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
3481| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
3482| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
3483| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
3484| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
3485| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
3486| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
3487| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
3488| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
3489| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
3490| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
3491| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
3492| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
3493| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
3494| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
3495| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
3496| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
3497| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
3498| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
3499| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
3500| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
3501| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
3502| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
3503| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
3504| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
3505| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
3506| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
3507| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
3508| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
3509| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
3510| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
3511| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
3512| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
3513| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
3514| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
3515| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
3516| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
3517| [95675] Apache Struts Remote Code Execution Vulnerability
3518| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
3519| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
3520| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
3521| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
3522| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
3523| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
3524| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
3525| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
3526| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
3527| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
3528| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
3529| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
3530| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
3531| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
3532| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
3533| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
3534| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
3535| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
3536| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
3537| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
3538| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
3539| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
3540| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
3541| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
3542| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
3543| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
3544| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
3545| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
3546| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
3547| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
3548| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
3549| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
3550| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
3551| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
3552| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
3553| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
3554| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
3555| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
3556| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
3557| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
3558| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
3559| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
3560| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
3991| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
3992| [46953] Apache MPM-ITK Module Security Weakness
3993| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
3994| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
3995| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
3996| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
3997| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
3998| [46166] Apache Tomcat JVM Denial of Service Vulnerability
3999| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
4000| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
4001| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
4002| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
4003| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
4004| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
4005| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
4006| [44616] Apache Shiro Directory Traversal Vulnerability
4007| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
4008| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
4009| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
4010| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
4011| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
4012| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
4013| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
4014| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
4015| [42492] Apache CXF XML DTD Processing Security Vulnerability
4016| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
4017| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
4018| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
4019| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
4020| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
4021| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
4022| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
4023| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
4024| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
4025| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
4026| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
4027| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
4028| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
4029| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4030| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
4031| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
4032| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
4033| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
4034| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
4035| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
4036| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
4037| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
4038| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
4039| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
4040| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
4041| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
4042| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
4043| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
4044| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
4045| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
4046| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
4047| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
4048| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
4049| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
4050| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
4051| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4052| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
4053| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
4054| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
4055| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
4056| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
4057| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
4058| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
4059| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
4060| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
4061| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
4062| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
4063| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
4064| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
4065| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
4066| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
4067| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
4068| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
4069| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
4070| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
4071| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
4072| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
4073| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
4074| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
4075| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
4076| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4077| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
4078| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
4079| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
4080| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
4081| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
4082| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
4083| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
4084| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
4085| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
4086| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
4087| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
4088| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
4089| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
4090| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
4091| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
4092| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
4093| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
4094| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4095| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
4096| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
4097| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
4098| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
4099| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
4100| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
4101| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
4102| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
4103| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
4104| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
4105| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
4106| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
4107| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
4108| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
4109| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
4110| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
4111| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
4112| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
4113| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
4114| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
4115| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
4116| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
4117| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
4118| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4119| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
4120| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
4121| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
4122| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
4123| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
4124| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
4125| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
4126| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
4127| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
4128| [20527] Apache Mod_TCL Remote Format String Vulnerability
4129| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
4130| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
4131| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
4132| [19106] Apache Tomcat Information Disclosure Vulnerability
4133| [18138] Apache James SMTP Denial Of Service Vulnerability
4134| [17342] Apache Struts Multiple Remote Vulnerabilities
4135| [17095] Apache Log4Net Denial Of Service Vulnerability
4136| [16916] Apache mod_python FileSession Code Execution Vulnerability
4137| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
4138| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
4139| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
4140| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
4141| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
4142| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
4143| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
4144| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
4145| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4146| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
4147| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
4148| [15177] PHP Apache 2 Local Denial of Service Vulnerability
4149| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
4150| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
4151| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
4152| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
4153| [14106] Apache HTTP Request Smuggling Vulnerability
4154| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
4155| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
4156| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
4157| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
4158| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
4159| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
4160| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
4161| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
4162| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
4163| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
4164| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
4165| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
4166| [11471] Apache mod_include Local Buffer Overflow Vulnerability
4167| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
4168| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
4169| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
4170| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
4171| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4172| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
4173| [11094] Apache mod_ssl Denial Of Service Vulnerability
4174| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
4175| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
4176| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
4177| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
4178| [10478] ClueCentral Apache Suexec Patch Security Weakness
4179| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
4180| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
4181| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
4182| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
4183| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4184| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4185| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4186| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4187| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4188| [9733] Apache Cygwin Directory Traversal Vulnerability
4189| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4190| [9590] Apache-SSL Client Certificate Forging Vulnerability
4191| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4192| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4193| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4194| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4195| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4196| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4197| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4198| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4199| [8898] Red Hat Apache Directory Index Default Configuration Error
4200| [8883] Apache Cocoon Directory Traversal Vulnerability
4201| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4202| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4203| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4204| [8707] Apache htpasswd Password Entropy Weakness
4205| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4206| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4207| [8226] Apache HTTP Server Multiple Vulnerabilities
4208| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4209| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4210| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4211| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4212| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4213| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4214| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4215| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4216| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4217| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4218| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4219| [7255] Apache Web Server File Descriptor Leakage Vulnerability
4220| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4221| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
4222| [6939] Apache Web Server ETag Header Information Disclosure Weakness
4223| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
4224| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
4225| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
4226| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
4227| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
4228| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
4229| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
4230| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
4231| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
4232| [6117] Apache mod_php File Descriptor Leakage Vulnerability
4233| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
4234| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
4235| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
4236| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
4237| [5992] Apache HTDigest Insecure Temporary File Vulnerability
4238| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
4239| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
4240| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
4241| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
4242| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
4243| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4244| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
4245| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
4246| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
4247| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
4248| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
4249| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
4250| [5485] Apache 2.0 Path Disclosure Vulnerability
4251| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
4252| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
4253| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
4254| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
4255| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
4256| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
4257| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
4258| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
4259| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
4260| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
4261| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
4262| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
4263| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
4264| [4437] Apache Error Message Cross-Site Scripting Vulnerability
4265| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
4266| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
4267| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
4268| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
4269| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
4270| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
4271| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
4272| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
4273| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
4274| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
4275| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
4276| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
4277| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
4278| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
4279| [3596] Apache Split-Logfile File Append Vulnerability
4280| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
4281| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
4282| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
4283| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
4284| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
4285| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
4286| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
4287| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
4288| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
4289| [3169] Apache Server Address Disclosure Vulnerability
4290| [3009] Apache Possible Directory Index Disclosure Vulnerability
4291| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
4292| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
4293| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
4294| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
4295| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
4296| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
4297| [2216] Apache Web Server DoS Vulnerability
4298| [2182] Apache /tmp File Race Vulnerability
4299| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
4300| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
4301| [1821] Apache mod_cookies Buffer Overflow Vulnerability
4302| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
4303| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
4304| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
4305| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
4306| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
4307| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
4308| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
4309| [1457] Apache::ASP source.asp Example Script Vulnerability
4310| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
4311| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
4312|
4313| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4314| [86258] Apache CloudStack text fields cross-site scripting
4315| [85983] Apache Subversion mod_dav_svn module denial of service
4316| [85875] Apache OFBiz UEL code execution
4317| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
4318| [85871] Apache HTTP Server mod_session_dbd unspecified
4319| [85756] Apache Struts OGNL expression command execution
4320| [85755] Apache Struts DefaultActionMapper class open redirect
4321| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
4322| [85574] Apache HTTP Server mod_dav denial of service
4323| [85573] Apache Struts Showcase App OGNL code execution
4324| [85496] Apache CXF denial of service
4325| [85423] Apache Geronimo RMI classloader code execution
4326| [85326] Apache Santuario XML Security for C++ buffer overflow
4327| [85323] Apache Santuario XML Security for Java spoofing
4328| [85319] Apache Qpid Python client SSL spoofing
4329| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
4330| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
4331| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
4332| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
4333| [84952] Apache Tomcat CVE-2012-3544 denial of service
4334| [84763] Apache Struts CVE-2013-2135 security bypass
4335| [84762] Apache Struts CVE-2013-2134 security bypass
4336| [84719] Apache Subversion CVE-2013-2088 command execution
4337| [84718] Apache Subversion CVE-2013-2112 denial of service
4338| [84717] Apache Subversion CVE-2013-1968 denial of service
4339| [84577] Apache Tomcat security bypass
4340| [84576] Apache Tomcat symlink
4341| [84543] Apache Struts CVE-2013-2115 security bypass
4342| [84542] Apache Struts CVE-2013-1966 security bypass
4343| [84154] Apache Tomcat session hijacking
4344| [84144] Apache Tomcat denial of service
4345| [84143] Apache Tomcat information disclosure
4346| [84111] Apache HTTP Server command execution
4347| [84043] Apache Virtual Computing Lab cross-site scripting
4348| [84042] Apache Virtual Computing Lab cross-site scripting
4349| [83782] Apache CloudStack information disclosure
4350| [83781] Apache CloudStack security bypass
4351| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
4901| [4931] Apache source.asp example file allows users to write to files
4902| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
4903| [4205] Apache Jakarta Tomcat delivers file contents
4904| [2084] Apache on Debian by default serves the /usr/doc directory
4905| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
4906| [697] Apache HTTP server beck exploit
4907| [331] Apache cookies buffer overflow
4908|
4909| Exploit-DB - https://www.exploit-db.com:
4910| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
4911| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
4912| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4913| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
4914| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
4915| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
4916| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
4917| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
4918| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
4919| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4920| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
4921| [29859] Apache Roller OGNL Injection
4922| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
4923| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
4924| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
4925| [29290] Apache / PHP 5.x Remote Code Execution Exploit
4926| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
4927| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
4928| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
4929| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
4930| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
4931| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
4932| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
4933| [27096] Apache Geronimo 1.0 Error Page XSS
4934| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
4935| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
4936| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
4937| [25986] Plesk Apache Zeroday Remote Exploit
4938| [25980] Apache Struts includeParams Remote Code Execution
4939| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
4940| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
4941| [24874] Apache Struts ParametersInterceptor Remote Code Execution
4942| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
4943| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
4944| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
4945| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
4946| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
4947| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
4948| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
4949| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
4950| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
4951| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
4952| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
4953| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
4954| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
4955| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
4956| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
4957| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
4958| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4959| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
4960| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
4961| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
4962| [21719] Apache 2.0 Path Disclosure Vulnerability
4963| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
4964| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
4965| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
4966| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
4967| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
4968| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
4969| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
4970| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
4971| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
4972| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
4973| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
4974| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
4975| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
4976| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
4977| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
4978| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
4979| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
4980| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
4981| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
4982| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
4983| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
4984| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
4985| [20558] Apache 1.2 Web Server DoS Vulnerability
4986| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
4987| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
4988| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
4989| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
4990| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
4991| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
4992| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
4993| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
4994| [19231] PHP apache_request_headers Function Buffer Overflow
4995| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
4996| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
4997| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
4998| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
4999| [18442] Apache httpOnly Cookie Disclosure
5000| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
5001| [18221] Apache HTTP Server Denial of Service
5002| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
5003| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
5004| [17691] Apache Struts < 2.2.0 - Remote Command Execution
5005| [16798] Apache mod_jk 1.2.20 Buffer Overflow
5006| [16782] Apache Win32 Chunked Encoding
5007| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
5008| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
5009| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
5010| [15319] Apache 2.2 (Windows) Local Denial of Service
5011| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
5012| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5013| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
5014| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
5015| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
5016| [12330] Apache OFBiz - Multiple XSS
5017| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
5018| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
5019| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
5020| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
5021| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
5022| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
5023| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
5024| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5025| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5026| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
5027| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
5028| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
5029| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5030| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
5031| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
5032| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
5033| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
5034| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
5035| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
5036| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
5037| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
5038| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
5039| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
5040| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
5041| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
5042| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
5043| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
5044| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
5045| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
5046| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
5047| [466] htpasswd Apache 1.3.31 - Local Exploit
5048| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
5049| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
5050| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
5051| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
5052| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
5053| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
5054| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
5055| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
5056| [9] Apache HTTP Server 2.x Memory Leak Exploit
5057|
5058| OpenVAS (Nessus) - http://www.openvas.org:
5059| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
5060| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
5061| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5062| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
5063| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
5064| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5065| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5066| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
5067| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
5068| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
5069| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
5070| [900571] Apache APR-Utils Version Detection
5071| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
5072| [900496] Apache Tiles Multiple XSS Vulnerability
5073| [900493] Apache Tiles Version Detection
5074| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
5075| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
5076| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
5077| [870175] RedHat Update for apache RHSA-2008:0004-01
5078| [864591] Fedora Update for apache-poi FEDORA-2012-10835
5079| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
5080| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
5081| [864250] Fedora Update for apache-poi FEDORA-2012-7683
5082| [864249] Fedora Update for apache-poi FEDORA-2012-7686
5083| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
5084| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
5085| [855821] Solaris Update for Apache 1.3 122912-19
5086| [855812] Solaris Update for Apache 1.3 122911-19
5087| [855737] Solaris Update for Apache 1.3 122911-17
5088| [855731] Solaris Update for Apache 1.3 122912-17
5089| [855695] Solaris Update for Apache 1.3 122911-16
5090| [855645] Solaris Update for Apache 1.3 122912-16
5091| [855587] Solaris Update for kernel update and Apache 108529-29
5092| [855566] Solaris Update for Apache 116973-07
5093| [855531] Solaris Update for Apache 116974-07
5094| [855524] Solaris Update for Apache 2 120544-14
5095| [855494] Solaris Update for Apache 1.3 122911-15
5096| [855478] Solaris Update for Apache Security 114145-11
5097| [855472] Solaris Update for Apache Security 113146-12
5098| [855179] Solaris Update for Apache 1.3 122912-15
5099| [855147] Solaris Update for kernel update and Apache 108528-29
5100| [855077] Solaris Update for Apache 2 120543-14
5101| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
5102| [850088] SuSE Update for apache2 SUSE-SA:2007:061
5103| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
5104| [841209] Ubuntu Update for apache2 USN-1627-1
5105| [840900] Ubuntu Update for apache2 USN-1368-1
5106| [840798] Ubuntu Update for apache2 USN-1259-1
5107| [840734] Ubuntu Update for apache2 USN-1199-1
5108| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
5109| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
5110| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
5111| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
5112| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
5113| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
5114| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
5115| [835253] HP-UX Update for Apache Web Server HPSBUX02645
5116| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
5117| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
5118| [835236] HP-UX Update for Apache with PHP HPSBUX02543
5119| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
5120| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
5121| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
5122| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
5123| [835188] HP-UX Update for Apache HPSBUX02308
5124| [835181] HP-UX Update for Apache With PHP HPSBUX02332
5125| [835180] HP-UX Update for Apache with PHP HPSBUX02342
5126| [835172] HP-UX Update for Apache HPSBUX02365
5127| [835168] HP-UX Update for Apache HPSBUX02313
5128| [835148] HP-UX Update for Apache HPSBUX01064
5129| [835139] HP-UX Update for Apache with PHP HPSBUX01090
5130| [835131] HP-UX Update for Apache HPSBUX00256
5131| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
5132| [835104] HP-UX Update for Apache HPSBUX00224
5133| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
5134| [835101] HP-UX Update for Apache HPSBUX01232
5135| [835080] HP-UX Update for Apache HPSBUX02273
5136| [835078] HP-UX Update for ApacheStrong HPSBUX00255
5137| [835044] HP-UX Update for Apache HPSBUX01019
5138| [835040] HP-UX Update for Apache PHP HPSBUX00207
5139| [835025] HP-UX Update for Apache HPSBUX00197
5140| [835023] HP-UX Update for Apache HPSBUX01022
5141| [835022] HP-UX Update for Apache HPSBUX02292
5142| [835005] HP-UX Update for Apache HPSBUX02262
5143| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
5144| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
5145| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
5146| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
5147| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
5148| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
5149| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
5150| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
5151| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
5152| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
5153| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
5154| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
5155| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
5156| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
5157| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
5158| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
5159| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
5160| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
5161| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
5162| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
5163| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
5164| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
5165| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
5166| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
5167| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
5168| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
5169| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
5170| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
5171| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
5172| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
5173| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
5174| [801942] Apache Archiva Multiple Vulnerabilities
5175| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
5176| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
5177| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
5178| [801284] Apache Derby Information Disclosure Vulnerability
5179| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
5180| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
5181| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
5182| [800680] Apache APR Version Detection
5183| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
5184| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
5185| [800677] Apache Roller Version Detection
5186| [800279] Apache mod_jk Module Version Detection
5187| [800278] Apache Struts Cross Site Scripting Vulnerability
5188| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
5189| [800276] Apache Struts Version Detection
5190| [800271] Apache Struts Directory Traversal Vulnerability
5191| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
5192| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5193| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5194| [103122] Apache Web Server ETag Header Information Disclosure Weakness
5195| [103074] Apache Continuum Cross Site Scripting Vulnerability
5196| [103073] Apache Continuum Detection
5197| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5198| [101023] Apache Open For Business Weak Password security check
5199| [101020] Apache Open For Business HTML injection vulnerability
5200| [101019] Apache Open For Business service detection
5201| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
5202| [100923] Apache Archiva Detection
5203| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5204| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5205| [100813] Apache Axis2 Detection
5206| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5207| [100795] Apache Derby Detection
5208| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
5209| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5210| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5211| [100514] Apache Multiple Security Vulnerabilities
5212| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5213| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5214| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5215| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5216| [72626] Debian Security Advisory DSA 2579-1 (apache2)
5217| [72612] FreeBSD Ports: apache22
5218| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
5219| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
5220| [71512] FreeBSD Ports: apache
5221| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
5222| [71256] Debian Security Advisory DSA 2452-1 (apache2)
5223| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
5224| [70737] FreeBSD Ports: apache
5225| [70724] Debian Security Advisory DSA 2405-1 (apache2)
5226| [70600] FreeBSD Ports: apache
5227| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
5228| [70235] Debian Security Advisory DSA 2298-2 (apache2)
5229| [70233] Debian Security Advisory DSA 2298-1 (apache2)
5230| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
5231| [69338] Debian Security Advisory DSA 2202-1 (apache2)
5232| [67868] FreeBSD Ports: apache
5233| [66816] FreeBSD Ports: apache
5234| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
5235| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
5236| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
5237| [66081] SLES11: Security update for Apache 2
5238| [66074] SLES10: Security update for Apache 2
5239| [66070] SLES9: Security update for Apache 2
5240| [65998] SLES10: Security update for apache2-mod_python
5241| [65893] SLES10: Security update for Apache 2
5242| [65888] SLES10: Security update for Apache 2
5243| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
5244| [65510] SLES9: Security update for Apache 2
5245| [65472] SLES9: Security update for Apache
5246| [65467] SLES9: Security update for Apache
5247| [65450] SLES9: Security update for apache2
5248| [65390] SLES9: Security update for Apache2
5249| [65363] SLES9: Security update for Apache2
5250| [65309] SLES9: Security update for Apache and mod_ssl
5251| [65296] SLES9: Security update for webdav apache module
5252| [65283] SLES9: Security update for Apache2
5253| [65249] SLES9: Security update for Apache 2
5254| [65230] SLES9: Security update for Apache 2
5255| [65228] SLES9: Security update for Apache 2
5256| [65212] SLES9: Security update for apache2-mod_python
5257| [65209] SLES9: Security update for apache2-worker
5258| [65207] SLES9: Security update for Apache 2
5259| [65168] SLES9: Security update for apache2-mod_python
5260| [65142] SLES9: Security update for Apache2
5261| [65136] SLES9: Security update for Apache 2
5262| [65132] SLES9: Security update for apache
5263| [65131] SLES9: Security update for Apache 2 oes/CORE
5264| [65113] SLES9: Security update for apache2
5265| [65072] SLES9: Security update for apache and mod_ssl
5266| [65017] SLES9: Security update for Apache 2
5267| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
5268| [64783] FreeBSD Ports: apache
5269| [64774] Ubuntu USN-802-2 (apache2)
5270| [64653] Ubuntu USN-813-2 (apache2)
5271| [64559] Debian Security Advisory DSA 1834-2 (apache2)
5272| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
5273| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
5274| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
5275| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
5276| [64443] Ubuntu USN-802-1 (apache2)
5277| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
5278| [64423] Debian Security Advisory DSA 1834-1 (apache2)
5279| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
5280| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
5281| [64251] Debian Security Advisory DSA 1816-1 (apache2)
5282| [64201] Ubuntu USN-787-1 (apache2)
5283| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
5284| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
5285| [63565] FreeBSD Ports: apache
5286| [63562] Ubuntu USN-731-1 (apache2)
5287| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
5288| [61185] FreeBSD Ports: apache
5289| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
5290| [60387] Slackware Advisory SSA:2008-045-02 apache
5291| [58826] FreeBSD Ports: apache-tomcat
5292| [58825] FreeBSD Ports: apache-tomcat
5293| [58804] FreeBSD Ports: apache
5294| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
5295| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
5296| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
5297| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
5298| [57335] Debian Security Advisory DSA 1167-1 (apache)
5299| [57201] Debian Security Advisory DSA 1131-1 (apache)
5300| [57200] Debian Security Advisory DSA 1132-1 (apache2)
5301| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
5302| [57145] FreeBSD Ports: apache
5303| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
5304| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
5305| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
5306| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
5307| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
5308| [56067] FreeBSD Ports: apache
5309| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
5709| [93144] Apache Solr Admin Command Execution CSRF
5710| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
5711| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
5712| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
5713| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
5714| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
5715| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
5716| [92748] Apache CloudStack VM Console Access Restriction Bypass
5717| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
5718| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
5719| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
5720| [92706] Apache ActiveMQ Debug Log Rendering XSS
5721| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
5722| [92270] Apache Tomcat Unspecified CSRF
5723| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
5724| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
5725| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
5726| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
5727| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
5728| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
5729| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
5730| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
5731| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
5732| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
5733| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
5734| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
5735| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
5736| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
5737| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
5738| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
5739| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
5740| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
5741| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
5742| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
5743| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
5744| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
5745| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
5746| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
5747| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
5748| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
5749| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
5750| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
5751| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
5752| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
5753| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
5754| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
5755| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
5756| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
5757| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
5758| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
5759| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
5760| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
5761| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
5762| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
5763| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
5764| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
5765| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
5766| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
5767| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
5768| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
5769| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
5770| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
5771| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
5772| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
5773| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
5774| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
5775| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
5776| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
5777| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
5778| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
5779| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
5780| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
5781| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
5782| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
5783| [86901] Apache Tomcat Error Message Path Disclosure
5784| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
5785| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
5786| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
5787| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
5788| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
5789| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
5790| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
5791| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
5792| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
5793| [85430] Apache mod_pagespeed Module Unspecified XSS
5794| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
5795| [85249] Apache Wicket Unspecified XSS
5796| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
5797| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
5798| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
5799| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
5800| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
5801| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
5802| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
5803| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
5804| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
5805| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
5806| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
5807| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
5808| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
5809| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
5810| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
5811| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
5812| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
5813| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
5814| [83339] Apache Roller Blogger Roll Unspecified XSS
5815| [83270] Apache Roller Unspecified Admin Action CSRF
5816| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
5817| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
5818| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
5819| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
5820| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
5821| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
5822| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
5823| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
5824| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
5825| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
5826| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
5827| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
5828| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
5829| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
5830| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
5831| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
5832| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
5833| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
5834| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
5835| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
5836| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
5837| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
5838| [80300] Apache Wicket wicket:pageMapName Parameter XSS
5839| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
5840| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
5841| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
5842| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
5843| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
5844| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
5845| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
5846| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
5847| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
5848| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
5849| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
5850| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
5851| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
5852| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
5853| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
5854| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
5855| [78331] Apache Tomcat Request Object Recycling Information Disclosure
5856| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
5857| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
5858| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
5859| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
5860| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
5861| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
5862| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
5863| [77593] Apache Struts Conversion Error OGNL Expression Injection
5864| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
5865| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
5866| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
5867| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
5868| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
5869| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
5870| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
5871| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
5872| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
5873| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
5874| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
5875| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
5876| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
5877| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
5878| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
5879| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
5880| [74725] Apache Wicket Multi Window Support Unspecified XSS
5881| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
5882| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
5883| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
5884| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
5885| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
5886| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
5887| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
5888| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
5889| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
5890| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
5891| [73644] Apache XML Security Signature Key Parsing Overflow DoS
5892| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
5893| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
5894| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
5895| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
5896| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
5897| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
5898| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
5899| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
5900| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
5901| [73154] Apache Archiva Multiple Unspecified CSRF
5902| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
5903| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
5904| [72238] Apache Struts Action / Method Names <
5905| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
5906| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
5907| [71557] Apache Tomcat HTML Manager Multiple XSS
5908| [71075] Apache Archiva User Management Page XSS
5909| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
5910| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
5911| [70924] Apache Continuum Multiple Admin Function CSRF
5912| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
5913| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
5914| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
5915| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
5916| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
5917| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
5918| [69520] Apache Archiva Administrator Credential Manipulation CSRF
5919| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
5920| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
5921| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
5922| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
5923| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
5924| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
5925| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
5926| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
5927| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
5928| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
5929| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
5930| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
5931| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
5932| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
5933| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
5934| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
5935| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
5936| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
5937| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
5938| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
5939| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
5940| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
5941| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
5942| [65054] Apache ActiveMQ Jetty Error Handler XSS
5943| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
5944| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
5945| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
5946| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
5947| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
5948| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
5949| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
5950| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
5951| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
5952| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
5953| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
5954| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
5955| [63895] Apache HTTP Server mod_headers Unspecified Issue
5956| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
5957| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
5958| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
5959| [63140] Apache Thrift Service Malformed Data Remote DoS
5960| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
5961| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
5962| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
5963| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
5964| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
5965| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
5966| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
5967| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
5968| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
5969| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
5970| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
5971| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
5972| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
5973| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
5974| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
5975| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
5976| [60678] Apache Roller Comment Email Notification Manipulation DoS
5977| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
5978| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
5979| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
5980| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
5981| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
5982| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
5983| [60232] PHP on Apache php.exe Direct Request Remote DoS
5984| [60176] Apache Tomcat Windows Installer Admin Default Password
5985| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
5986| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
5987| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
5988| [59944] Apache Hadoop jobhistory.jsp XSS
5989| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
5990| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
5991| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
5992| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
5993| [59019] Apache mod_python Cookie Salting Weakness
5994| [59018] Apache Harmony Error Message Handling Overflow
5995| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
5996| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
5997| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
5998| [59010] Apache Solr get-file.jsp XSS
5999| [59009] Apache Solr action.jsp XSS
6000| [59008] Apache Solr analysis.jsp XSS
6001| [59007] Apache Solr schema.jsp Multiple Parameter XSS
6002| [59006] Apache Beehive select / checkbox Tag XSS
6003| [59005] Apache Beehive jpfScopeID Global Parameter XSS
6004| [59004] Apache Beehive Error Message XSS
6005| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
6006| [59002] Apache Jetspeed default-page.psml URI XSS
6007| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
6008| [59000] Apache CXF Unsigned Message Policy Bypass
6009| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
6010| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
6011| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
6012| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
6013| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
6014| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
6015| [58993] Apache Hadoop browseBlock.jsp XSS
6016| [58991] Apache Hadoop browseDirectory.jsp XSS
6017| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
6018| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
6019| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
6020| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
6021| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
6022| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
6023| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
6024| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
6025| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
6026| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
6027| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
6028| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
6029| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
6030| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
6031| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
6032| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
6033| [58974] Apache Sling /apps Script User Session Management Access Weakness
6034| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
6035| [58931] Apache Geronimo Cookie Parameters Validation Weakness
6036| [58930] Apache Xalan-C++ XPath Handling Remote DoS
6037| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
6038| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
6039| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
6040| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
6041| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
6042| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
6043| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
6044| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
6045| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
6046| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
6047| [58805] Apache Derby Unauthenticated Database / Admin Access
6048| [58804] Apache Wicket Header Contribution Unspecified Issue
6049| [58803] Apache Wicket Session Fixation
6050| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
6051| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
6052| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
6053| [58799] Apache Tapestry Logging Cleartext Password Disclosure
6054| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
6055| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
6056| [58796] Apache Jetspeed Unsalted Password Storage Weakness
6057| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
6058| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
6059| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
6060| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
6061| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
6062| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
6063| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
6064| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
6065| [58775] Apache JSPWiki preview.jsp action Parameter XSS
6066| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6067| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
6068| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
6069| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
6070| [58770] Apache JSPWiki Group.jsp group Parameter XSS
6071| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
6072| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
6073| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
6074| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
6075| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6076| [58763] Apache JSPWiki Include Tag Multiple Script XSS
6077| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
6078| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
6079| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
6080| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
6081| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
6082| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
6083| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
6084| [58755] Apache Harmony DRLVM Non-public Class Member Access
6085| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
6086| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
6087| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
6088| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
6089| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
6090| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
6091| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
6092| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
6093| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
6094| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
6095| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
6096| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
6097| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
6098| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
6099| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
6100| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
6101| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
6102| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
6103| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
6104| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
6105| [58725] Apache Tapestry Basic String ACL Bypass Weakness
6106| [58724] Apache Roller Logout Functionality Failure Session Persistence
6107| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
6108| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
6109| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
6110| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
6111| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
6112| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
6113| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
6114| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
6115| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
6116| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
6117| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
6118| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
6119| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
6120| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
6121| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
6122| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
6123| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
6124| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
6125| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
6126| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
6127| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
6128| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
6129| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
6130| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
6131| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
6132| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
6133| [58687] Apache Axis Invalid wsdl Request XSS
6134| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
6135| [58685] Apache Velocity Template Designer Privileged Code Execution
6136| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6137| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
6138| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
6139| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
6140| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
6141| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
6142| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
6143| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
6144| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
6145| [58667] Apache Roller Database Cleartext Passwords Disclosure
6146| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
6147| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
6148| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
6149| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
6150| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
6151| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
6152| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
6153| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
6154| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
6155| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
6156| [56984] Apache Xerces2 Java Malformed XML Input DoS
6157| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
6158| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
6159| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
6160| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
6161| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
6162| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
6163| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
6164| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
6165| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
6166| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
6167| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
6168| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
6169| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
6170| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
6171| [55056] Apache Tomcat Cross-application TLD File Manipulation
6172| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
6173| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
6174| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
6175| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
6176| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
6177| [54589] Apache Jserv Nonexistent JSP Request XSS
6178| [54122] Apache Struts s:a / s:url Tag href Element XSS
6179| [54093] Apache ActiveMQ Web Console JMS Message XSS
6180| [53932] Apache Geronimo Multiple Admin Function CSRF
6181| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
6182| [53930] Apache Geronimo /console/portal/ URI XSS
6183| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
6184| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
6185| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
6186| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
6187| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
6188| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
6189| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
6190| [53380] Apache Struts Unspecified XSS
6191| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
6192| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
6193| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
6194| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
6195| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6196| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
6197| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
6198| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
6199| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
6200| [51151] Apache Roller Search Function q Parameter XSS
6201| [50482] PHP with Apache php_value Order Unspecified Issue
6202| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
6203| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
6204| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
6205| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
6206| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
6207| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
6208| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
6209| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
6210| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
6211| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
6212| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
6213| [47096] Oracle Weblogic Apache Connector POST Request Overflow
6214| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
6215| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
6216| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
6217| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
6218| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
6219| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
6220| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
6221| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
6222| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
6223| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
6224| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
6225| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
6226| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
6227| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
6228| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
6229| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
6230| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
6231| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
6232| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
6233| [43452] Apache Tomcat HTTP Request Smuggling
6234| [43309] Apache Geronimo LoginModule Login Method Bypass
6235| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
6236| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
6237| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
6238| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
6239| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
6240| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
6241| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
6242| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
6243| [42091] Apache Maven Site Plugin Installation Permission Weakness
6244| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
6245| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
6246| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
6247| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
6248| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
6249| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
6250| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
6251| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
6252| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
6253| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
6254| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
6255| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
6256| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
6257| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
6258| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
6259| [40262] Apache HTTP Server mod_status refresh XSS
6260| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
6261| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
6262| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
6263| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
6264| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
6265| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
6266| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
6267| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
6268| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
6269| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
6270| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
6271| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
6272| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
6273| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
6274| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
6275| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
6276| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
6277| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
6278| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
6279| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
6280| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
6281| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
6282| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
6283| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
6284| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
6285| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
6286| [36080] Apache Tomcat JSP Examples Crafted URI XSS
6287| [36079] Apache Tomcat Manager Uploaded Filename XSS
6288| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
6289| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
6290| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
6291| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
6292| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
6293| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
6294| [34881] Apache Tomcat Malformed Accept-Language Header XSS
6295| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
6296| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
6297| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
6298| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
6299| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
6300| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
6301| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
6302| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
6303| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
6304| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
6305| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
6306| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
6307| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
6308| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
6309| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
6310| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
6311| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
6312| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
6313| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
6314| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
6315| [32724] Apache mod_python _filter_read Freed Memory Disclosure
6316| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
6317| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
6318| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
6319| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
6320| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
6321| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
6322| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
6323| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
6324| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
6325| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
6326| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
6327| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
6328| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
6329| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
6330| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
6331| [24365] Apache Struts Multiple Function Error Message XSS
6332| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
6333| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
6334| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
6335| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
6336| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
6337| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
6338| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
6339| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
6340| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
6341| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
6342| [22459] Apache Geronimo Error Page XSS
6343| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
6344| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
6345| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
6346| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
6347| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
6348| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
6349| [21021] Apache Struts Error Message XSS
6350| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
6351| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
6352| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
6353| [20439] Apache Tomcat Directory Listing Saturation DoS
6354| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
6355| [20285] Apache HTTP Server Log File Control Character Injection
6356| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
6357| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
6358| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
6359| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
6360| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
6361| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
6362| [19821] Apache Tomcat Malformed Post Request Information Disclosure
6363| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
6364| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
6365| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
6366| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
6367| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
6368| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
6369| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
6370| [18233] Apache HTTP Server htdigest user Variable Overfow
6371| [17738] Apache HTTP Server HTTP Request Smuggling
6372| [16586] Apache HTTP Server Win32 GET Overflow DoS
6373| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
6374| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
6375| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
6376| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
6377| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
6378| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
6379| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
6380| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
6381| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
6382| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
6383| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
6384| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
6385| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
6386| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
6387| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
6388| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
6389| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
6390| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
6391| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
6392| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
6393| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
6394| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
6395| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
6396| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
6397| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
6398| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
6399| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
6400| [13304] Apache Tomcat realPath.jsp Path Disclosure
6401| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
6402| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
6403| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
6404| [12848] Apache HTTP Server htdigest realm Variable Overflow
6405| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
6406| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
6407| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
6408| [12557] Apache HTTP Server prefork MPM accept Error DoS
6409| [12233] Apache Tomcat MS-DOS Device Name Request DoS
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 2.6.32 (90%), Linux 3.11 (90%), Linux 3.4 - 3.10 (90%), Linux 3.5 (90%), Synology DiskStation Manager 5.2-5644 (90%), Crestron XPanel control system (90%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 2.509 days (since Tue Dec 3 14:53:07 2019)
Network Distance: 17 hops
TCP Sequence Prediction: Difficulty=251 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 134.62 ms 10.216.200.1
2 ...
3 134.81 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 134.67 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 140.42 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 158.46 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)
7 160.48 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205)
8 239.32 ms be12194.ccr41.lon13.atlas.cogentco.com (154.54.56.93)
9 239.38 ms be2317.ccr41.jfk02.atlas.cogentco.com (154.54.30.185)
10 239.44 ms be3471.ccr41.jfk02.atlas.cogentco.com (154.54.40.154)
11 268.59 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)
12 265.73 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)
13 279.76 ms be2025.ccr22.mia03.atlas.cogentco.com (154.54.47.230)
14 271.50 ms 38.104.94.214
15 288.07 ms mia-core1-po2.mojohost.com (64.59.80.98)
16 ...
17 269.79 ms 74.206.167.239

NSE: Script Post-scanning.
Initiating NSE at 03:06
Completed NSE at 03:06, 0.00s elapsed
Initiating NSE at 03:06
Completed NSE at 03:06, 0.00s elapsed
################################################################################################
https://74.206.167.239 [301 Moved Permanently] Apache, Country[UNITED STATES][US], HTTPServer[Apache], IP[74.206.167.239], RedirectLocation[https://www.karupspc.com/], Title[301 Moved Permanently]
https://www.karupspc.com/ [200 OK] Apache, Cookies[PHPSESSID], Country[UNITED STATES][US], HTML5, HTTPServer[Apache], IP[74.206.167.239], JQuery[1.11.3], PHP[7.0.20], Script, Title[Karups Private Collection Home], X-Powered-By[PHP/7.0.20]
################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 03:07 EST
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 03:07
Completed NSE at 03:07, 0.00s elapsed
Initiating NSE at 03:07
Completed NSE at 03:07, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 03:07
Completed Parallel DNS resolution of 1 host. at 03:07, 0.03s elapsed
Initiating SYN Stealth Scan at 03:07
Scanning 74.206.167.239 [1 port]
Discovered open port 443/tcp on 74.206.167.239
Completed SYN Stealth Scan at 03:07, 0.32s elapsed (1 total ports)
Initiating Service scan at 03:07
Scanning 1 service on 74.206.167.239
Completed Service scan at 03:08, 13.68s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 74.206.167.239
Retrying OS detection (try #2) against 74.206.167.239
Initiating Traceroute at 03:08
Completed Traceroute at 03:08, 3.17s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 03:08
Completed Parallel DNS resolution of 15 hosts. at 03:08, 0.34s elapsed
NSE: Script scanning 74.206.167.239.
Initiating NSE at 03:08
Completed NSE at 03:11, 204.23s elapsed
Initiating NSE at 03:11
Completed NSE at 03:11, 2.24s elapsed
Nmap scan report for 74.206.167.239
Host is up (0.27s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 8094.97ms; min: 2521.57ms; max: 24861.14ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Fri, 06 Dec 2019 08:08:44 GMT; 0s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: Couldn't find any error pages.
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Date: Fri, 06 Dec 2019 08:08:51 GMT
| Server: Apache
| Location: https://www.karupspc.com/
| Cache-Control: max-age=172800
| Expires: Sun, 08 Dec 2019 08:08:51 GMT
| Vary: Accept-Encoding
| Content-Length: 233
| Connection: close
| Content-Type: text/html; charset=iso-8859-1
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: GET HEAD OPTIONS
|_http-mobileversion-checker: No mobile version detected.
|_http-passwd: ERROR: Script execution failed (use -d to debug)
| http-security-headers:
| Strict_Transport_Security:
| HSTS not configured in HTTPS Server
| Cache_Control:
| Header: Cache-Control: no-store, no-cache, must-revalidate
| Pragma:
| Header: Pragma: no-cache
| Expires:
|_ Header: Expires: Thu, 19 Nov 1981 08:52:00 GMT
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Did not follow redirect to https://www.karupspc.com/
| http-trace: TRACE is enabled
| Headers:
| Date: Fri, 06 Dec 2019 08:08:23 GMT
| Server: Apache
| Connection: close
| Transfer-Encoding: chunked
|_Content-Type: message/http
| http-traceroute:
| HTML title
| Hop #1: 400 Bad Request
| Hop #2: 301 Moved Permanently
| Hop #3: 301 Moved Permanently
| Status Code
| Hop #1: 400
| Hop #2: 301
| Hop #3: 301
| content-length
| Hop #1: 362
| Hop #2: 233
| Hop #3: 233
| location
| Hop #1
| Hop #2: https://www.karupspc.com/
|_ Hop #3: https://www.karupspc.com/
|_http-userdir-enum: Potential Users: root, admin, administrator, webadmin, sysadmin, netadmin, guest, user, web, test
| http-vhosts:
| images : 400
| eshop : 400
| test : 400
| voip : 400
| mirror : 400
| mta : 400
| mysql : 400
| sip : 400
| 41 names had status ERROR
|_78 names had status 301
| http-wordpress-enum:
| Search limited to top 100 themes/plugins
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
7002| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
7003| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
7004| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
7005| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
7006| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
7007| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
7008| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
7009| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
7010| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
7011| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
7012| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
7013| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
7014| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
7015| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
7016| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
7017| [127007] Apache Spark Request Code Execution
7018| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
7019| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
7020| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
7021| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
7022| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
7023| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
7024| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
7025| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
7026| [126346] Apache Tomcat Path privilege escalation
7027| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
7028| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
7029| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
7030| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
7031| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
7032| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
7033| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
7034| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
7035| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
7036| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
7037| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
7038| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7039| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
7040| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
7041| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
7042| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
7043| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
7044| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
7045| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
7046| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
7047| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
7048| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
7049| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
7050| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
7051| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
7052| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
7053| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
7054| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
7055| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
7056| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
7057| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
7058| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
7059| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
7060| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
7061| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
7062| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
7063| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
7064| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
7065| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
7066| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
7067| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
7068| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
7069| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
7070| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
7071| [123197] Apache Sentry up to 2.0.0 privilege escalation
7072| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
7073| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
7074| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
7075| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
7076| [122800] Apache Spark 1.3.0 REST API weak authentication
7077| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
7078| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
7079| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
7080| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
7081| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
7082| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
7083| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
7084| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
7085| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
7086| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
7087| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
7088| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
7089| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
7090| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
7091| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
7092| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
7093| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
7094| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
7095| [121354] Apache CouchDB HTTP API Code Execution
7096| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
7097| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
7098| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
7099| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
7100| [120168] Apache CXF weak authentication
7101| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
7102| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
7103| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
7104| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
7105| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
7106| [119306] Apache MXNet Network Interface privilege escalation
7107| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
7108| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
7109| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
7110| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
7111| [118143] Apache NiFi activemq-client Library Deserialization denial of service
7112| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
7113| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
7114| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
7115| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
7116| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
7117| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
7118| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
7119| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
7120| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
7121| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
7122| [117115] Apache Tika up to 1.17 tika-server command injection
7123| [116929] Apache Fineract getReportType Parameter privilege escalation
7124| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
7125| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
7126| [116926] Apache Fineract REST Parameter privilege escalation
7127| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
7128| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
7129| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
7130| [115883] Apache Hive up to 2.3.2 privilege escalation
7131| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
7132| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
7133| [115518] Apache Ignite 2.3 Deserialization privilege escalation
7134| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
7135| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
7136| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
7137| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
7138| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
7139| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
7140| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
7141| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
7142| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
7143| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
7144| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
7145| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
7146| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
7147| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
7148| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
7149| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
7150| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
7151| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
7152| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
7153| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
7154| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
7155| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
7156| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
7157| [113895] Apache Geode up to 1.3.x Code Execution
7158| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
7159| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
7160| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
7161| [113747] Apache Tomcat Servlets privilege escalation
7162| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
7163| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
7164| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
7165| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
7166| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
7167| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7168| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
7169| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7170| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
7171| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
7172| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
7173| [112885] Apache Allura up to 1.8.0 File information disclosure
7174| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
7175| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
7176| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
7177| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
7178| [112625] Apache POI up to 3.16 Loop denial of service
7179| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
7180| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
7181| [112339] Apache NiFi 1.5.0 Header privilege escalation
7182| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
7183| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
7184| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
7185| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
7186| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
7187| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
7188| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
7189| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
7190| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
7191| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
7192| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
7193| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
7194| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
7195| [112114] Oracle 9.1 Apache Log4j privilege escalation
7196| [112113] Oracle 9.1 Apache Log4j privilege escalation
7197| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
7198| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
7199| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
7200| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
7201| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
7202| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
7203| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
7204| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
7205| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
7206| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
7207| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
7208| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
7209| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
7210| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
7211| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
7212| [110701] Apache Fineract Query Parameter sql injection
7213| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
7214| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
7215| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
7216| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
7217| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
7218| [110106] Apache CXF Fediz Spring cross site request forgery
7219| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
7220| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
7221| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
7222| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
7223| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
7224| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
7225| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
7226| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
7227| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
7228| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
7229| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
7230| [108938] Apple macOS up to 10.13.1 apache denial of service
7231| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
7232| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
7233| [108935] Apple macOS up to 10.13.1 apache denial of service
7234| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
7235| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
7236| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
7237| [108931] Apple macOS up to 10.13.1 apache denial of service
7238| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
7239| [108929] Apple macOS up to 10.13.1 apache denial of service
7240| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
7241| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
7242| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
7243| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
7244| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
7245| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
7246| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
7247| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
7248| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
7249| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
7250| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
7251| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
7252| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
7253| [108782] Apache Xerces2 XML Service denial of service
7254| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
7255| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
7256| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
7257| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
7258| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
7259| [108629] Apache OFBiz up to 10.04.01 privilege escalation
7260| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
7261| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
7262| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
7263| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
7264| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
7265| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
7266| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
7267| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
7268| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
7269| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
7270| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
7271| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
7272| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
7273| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
7274| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
7275| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
7276| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
7277| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7278| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
7279| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
7280| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
7281| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
7282| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
7283| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
7284| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
7285| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
7286| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
7287| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
7288| [107639] Apache NiFi 1.4.0 XML External Entity
7289| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
7290| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
7291| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
7292| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
7293| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
7294| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
7295| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
7296| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
7297| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
7298| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
7299| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
7300| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7301| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7302| [107197] Apache Xerces Jelly Parser XML File XML External Entity
7303| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
7304| [107084] Apache Struts up to 2.3.19 cross site scripting
7305| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
7306| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
7307| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
7308| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
7309| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
7310| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
7311| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
7312| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
7313| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
7314| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
7315| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
7316| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
7317| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7318| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7319| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
7320| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
7321| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
7322| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
7323| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
7324| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
7325| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
7326| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
7327| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
7328| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
7329| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
7330| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
7331| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
7332| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
7333| [105878] Apache Struts up to 2.3.24.0 privilege escalation
7334| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
7335| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
7336| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
7337| [105643] Apache Pony Mail up to 0.8b weak authentication
7338| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
7339| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
7340| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
7341| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
7342| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
7343| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
7344| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
7345| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
7346| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
7347| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
7348| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
7349| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
7350| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
7351| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
7352| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
7353| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
7354| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
7355| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
7356| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
7357| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
7358| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
7359| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
7360| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
7361| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
7362| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
7363| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
7364| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
7365| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
7366| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
7367| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
7368| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
7369| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
7370| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
7371| [103690] Apache OpenMeetings 1.0.0 sql injection
7372| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
7373| [103688] Apache OpenMeetings 1.0.0 weak encryption
7374| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
7375| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
7376| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
7377| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
7378| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
7379| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
7380| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
7381| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
7382| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
7383| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
7384| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
7385| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
7386| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
7387| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
7388| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
7389| [103352] Apache Solr Node weak authentication
7390| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
7391| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
7392| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
7393| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
7394| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
7395| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
7396| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
7397| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
7398| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
7399| [102536] Apache Ranger up to 0.6 Stored cross site scripting
7400| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
7401| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
7402| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
7403| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
7404| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
7405| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
7406| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
7407| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
7408| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
7409| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
7410| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
7411| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
7412| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
7413| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
7414| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
7415| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
7416| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
7417| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
7418| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
7419| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
7420| [99937] Apache Batik up to 1.8 privilege escalation
7421| [99936] Apache FOP up to 2.1 privilege escalation
7422| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
7423| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
7424| [99930] Apache Traffic Server up to 6.2.0 denial of service
7425| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
7426| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
7427| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
7428| [117569] Apache Hadoop up to 2.7.3 privilege escalation
7429| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
7430| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
7431| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
7432| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
7433| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
7434| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
7435| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
7436| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
7437| [99014] Apache Camel Jackson/JacksonXML privilege escalation
7438| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7439| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
7440| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7441| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
7442| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
7443| [98605] Apple macOS up to 10.12.3 Apache denial of service
7444| [98604] Apple macOS up to 10.12.3 Apache denial of service
7445| [98603] Apple macOS up to 10.12.3 Apache denial of service
7446| [98602] Apple macOS up to 10.12.3 Apache denial of service
7447| [98601] Apple macOS up to 10.12.3 Apache denial of service
7448| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
7449| [98405] Apache Hadoop up to 0.23.10 privilege escalation
7450| [98199] Apache Camel Validation XML External Entity
7451| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
7452| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
7453| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
7454| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
7455| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
7456| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
7457| [97081] Apache Tomcat HTTPS Request denial of service
7458| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
7459| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
7460| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
7461| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
7462| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
7463| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
7464| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
7465| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
7466| [95311] Apache Storm UI Daemon privilege escalation
7467| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
7468| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
7469| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
7470| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
7471| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
7472| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
7473| [94540] Apache Tika 1.9 tika-server File information disclosure
7474| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
7475| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
7476| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
7477| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
7478| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
7479| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
7480| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
7481| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
7482| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
7483| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
7484| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
7485| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
7486| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
7487| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
7488| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
7489| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
7490| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
7491| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
7492| [93532] Apache Commons Collections Library Java privilege escalation
7493| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
7494| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
7495| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
7496| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
7497| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
7498| [93098] Apache Commons FileUpload privilege escalation
7499| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
7500| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
7501| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
7502| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
7503| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
7504| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
7505| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
7506| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
7507| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
7508| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
7509| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
7510| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
7511| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
7512| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
7513| [92549] Apache Tomcat on Red Hat privilege escalation
7514| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
7515| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
7516| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
7517| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
7518| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
7519| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
7520| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
7521| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
7522| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
7523| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
7524| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
7525| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
7526| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
7527| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
7528| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
7529| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
7530| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
7531| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
7532| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
7533| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
7534| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
7535| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
7536| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
7537| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
7538| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
7539| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
7540| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
7541| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
7542| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
7543| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
7544| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
7545| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
7546| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
7547| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
7548| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
7549| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
7550| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
7551| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
7552| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
7553| [90263] Apache Archiva Header denial of service
7554| [90262] Apache Archiva Deserialize privilege escalation
7555| [90261] Apache Archiva XML DTD Connection privilege escalation
7556| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
7557| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
7558| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
7559| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
7560| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
7561| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
7562| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
7563| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
7564| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
7565| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
7566| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
7567| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
7568| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
7569| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
7570| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
7571| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
7572| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
7573| [87765] Apache James Server 2.3.2 Command privilege escalation
7574| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
7575| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
7576| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
7577| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
7578| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
7579| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
7580| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
7581| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
7582| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
7583| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
7584| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
7585| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
7586| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
7587| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
7588| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
7589| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
7590| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
7591| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
7592| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
7593| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
7594| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
7595| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
7596| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
7597| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
7598| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
7599| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
7600| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
7601| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
7602| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
7603| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
7604| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
7605| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
7606| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
7607| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
7608| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
7609| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
7610| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
7611| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
7612| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
7613| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
7614| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
7615| [82076] Apache Ranger up to 0.5.1 privilege escalation
7616| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
7617| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
7618| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
7619| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
7620| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
7621| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
7622| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
7623| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
7624| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
7625| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
7626| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
7627| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
7628| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
7629| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
7630| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
7631| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
7632| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
7633| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
7634| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
7635| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
7636| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
7637| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
7638| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
7639| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
7640| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
7641| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
7642| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
7643| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
7644| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
7645| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
7646| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
7647| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
7648| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
7649| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
7650| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
7651| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
7652| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
7653| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
7654| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
7655| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
7656| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
7657| [79791] Cisco Products Apache Commons Collections Library privilege escalation
7658| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
7659| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
7660| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
7661| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
7662| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
7663| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
7664| [78989] Apache Ambari up to 2.1.1 Open Redirect
7665| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
7666| [78987] Apache Ambari up to 2.0.x cross site scripting
7667| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
7668| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
7669| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
7670| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
7671| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
7672| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
7673| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
7674| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
7675| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
7676| [77406] Apache Flex BlazeDS AMF Message XML External Entity
7677| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
7678| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
7679| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
7680| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
7681| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
7682| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
7683| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
7684| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
7685| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
7686| [76567] Apache Struts 2.3.20 unknown vulnerability
7687| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
7688| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
7689| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
7690| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
7691| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
7692| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
7693| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
7694| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
7695| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
7696| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
7697| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
7698| [74793] Apache Tomcat File Upload denial of service
7699| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
7700| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
7701| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
7702| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
7703| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
7704| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
7705| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
7706| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
7707| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
7708| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
7709| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
7710| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
7711| [74468] Apache Batik up to 1.6 denial of service
7712| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
7713| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
7714| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
7715| [74174] Apache WSS4J up to 2.0.0 privilege escalation
7716| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
7717| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
7718| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
7719| [73731] Apache XML Security unknown vulnerability
7720| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
7721| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
7722| [73593] Apache Traffic Server up to 5.1.0 denial of service
7723| [73511] Apache POI up to 3.10 Deadlock denial of service
7724| [73510] Apache Solr up to 4.3.0 cross site scripting
7725| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
7726| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
7727| [73173] Apache CloudStack Stack-Based unknown vulnerability
7728| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
7729| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
7730| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
7731| [72890] Apache Qpid 0.30 unknown vulnerability
7732| [72887] Apache Hive 0.13.0 File Permission privilege escalation
7733| [72878] Apache Cordova 3.5.0 cross site request forgery
7734| [72877] Apache Cordova 3.5.0 cross site request forgery
7735| [72876] Apache Cordova 3.5.0 cross site request forgery
7736| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
7737| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
7738| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
7739| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
7740| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
7741| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
7742| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
7743| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
7744| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
7745| [71629] Apache Axis2/C spoofing
7746| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
7747| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
7748| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
7749| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
7750| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
7751| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
7752| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
7753| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
7754| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
7755| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
7756| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
7757| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
7758| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
7759| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
7760| [70809] Apache POI up to 3.11 Crash denial of service
7761| [70808] Apache POI up to 3.10 unknown vulnerability
7762| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
7763| [70749] Apache Axis up to 1.4 getCN spoofing
7764| [70701] Apache Traffic Server up to 3.3.5 denial of service
7765| [70700] Apache OFBiz up to 12.04.03 cross site scripting
7766| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
7767| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
7768| [70661] Apache Subversion up to 1.6.17 denial of service
7769| [70660] Apache Subversion up to 1.6.17 spoofing
7770| [70659] Apache Subversion up to 1.6.17 spoofing
7771| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
7772| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
7773| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
7774| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
7775| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
7776| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
7777| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
7778| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
7779| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
7780| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
7781| [69846] Apache HBase up to 0.94.8 information disclosure
7782| [69783] Apache CouchDB up to 1.2.0 memory corruption
7783| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
7784| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
7785| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
7786| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
7787| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
7788| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
7789| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
7790| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
7791| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
7792| [69431] Apache Archiva up to 1.3.6 cross site scripting
7793| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
7794| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
7795| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
7796| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
7797| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
7798| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
7799| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
7800| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
7801| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
7802| [66739] Apache Camel up to 2.12.2 unknown vulnerability
7803| [66738] Apache Camel up to 2.12.2 unknown vulnerability
7804| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
7805| [66695] Apache CouchDB up to 1.2.0 cross site scripting
7806| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
7807| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
7808| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
7809| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
7810| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
7811| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
7812| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
7813| [66356] Apache Wicket up to 6.8.0 information disclosure
7814| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
7815| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
7816| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
7817| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
7818| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
7819| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
7820| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
7821| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
7822| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
7823| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
7824| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
7825| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
7826| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
7827| [65668] Apache Solr 4.0.0 Updater denial of service
7828| [65665] Apache Solr up to 4.3.0 denial of service
7829| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
7830| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
7831| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
7832| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
7833| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
7834| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
7835| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
7836| [65410] Apache Struts 2.3.15.3 cross site scripting
7837| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
7838| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
7839| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
7840| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
7841| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
7842| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
7843| [65340] Apache Shindig 2.5.0 information disclosure
7844| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
7845| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
7846| [10826] Apache Struts 2 File privilege escalation
7847| [65204] Apache Camel up to 2.10.1 unknown vulnerability
7848| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
7849| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
7850| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
7851| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
7852| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
7853| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
7854| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
7855| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
7856| [64722] Apache XML Security for C++ Heap-based memory corruption
7857| [64719] Apache XML Security for C++ Heap-based memory corruption
7858| [64718] Apache XML Security for C++ verify denial of service
7859| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
7860| [64716] Apache XML Security for C++ spoofing
7861| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
7862| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
7863| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
7864| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
7865| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
7866| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
7867| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
7868| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
7869| [64485] Apache Struts up to 2.2.3.0 privilege escalation
7870| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
7871| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
7872| [64467] Apache Geronimo 3.0 memory corruption
7873| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
7874| [64457] Apache Struts up to 2.2.3.0 cross site scripting
7875| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
7876| [9184] Apache Qpid up to 0.20 SSL misconfiguration
7877| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
7878| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
7879| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
7880| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
7881| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
7882| [8873] Apache Struts 2.3.14 privilege escalation
7883| [8872] Apache Struts 2.3.14 privilege escalation
7884| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
7885| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
7886| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
7887| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
7888| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
7889| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
7890| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
7891| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
7892| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
7893| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
7894| [64006] Apache ActiveMQ up to 5.7.0 denial of service
7895| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
7896| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
7897| [8427] Apache Tomcat Session Transaction weak authentication
7898| [63960] Apache Maven 3.0.4 Default Configuration spoofing
7899| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
7900| [63750] Apache qpid up to 0.20 checkAvailable denial of service
7901| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
7902| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
7903| [63747] Apache Rave up to 0.20 User Account information disclosure
7904| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
7905| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
7906| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
7907| [7687] Apache CXF up to 2.7.2 Token weak authentication
7908| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
7909| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
7910| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
7911| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
7912| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
7913| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
7914| [63090] Apache Tomcat up to 4.1.24 denial of service
7915| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
7916| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
7917| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
7918| [62833] Apache CXF -/2.6.0 spoofing
7919| [62832] Apache Axis2 up to 1.6.2 spoofing
7920| [62831] Apache Axis up to 1.4 Java Message Service spoofing
7921| [62830] Apache Commons-httpclient 3.0 Payments spoofing
7922| [62826] Apache Libcloud up to 0.11.0 spoofing
7923| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
7924| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
7925| [62661] Apache Axis2 unknown vulnerability
7926| [62658] Apache Axis2 unknown vulnerability
7927| [62467] Apache Qpid up to 0.17 denial of service
7928| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
7929| [6301] Apache HTTP Server mod_pagespeed cross site scripting
7930| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
7931| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
7932| [62035] Apache Struts up to 2.3.4 denial of service
7933| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
7934| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
7935| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
7936| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
7937| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
7938| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
7939| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
7940| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
7941| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
7942| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
7943| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
7944| [61229] Apache Sling up to 2.1.1 denial of service
7945| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
7946| [61094] Apache Roller up to 5.0 cross site scripting
7947| [61093] Apache Roller up to 5.0 cross site request forgery
7948| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
7949| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
7950| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
7951| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
7952| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
7953| [60708] Apache Qpid 0.12 unknown vulnerability
7954| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
7955| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
7956| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
7957| [4882] Apache Wicket up to 1.5.4 directory traversal
7958| [4881] Apache Wicket up to 1.4.19 cross site scripting
7959| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
7960| [60352] Apache Struts up to 2.2.3 memory corruption
7961| [60153] Apache Portable Runtime up to 1.4.3 denial of service
7962| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
7963| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
7964| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
7965| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
7966| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
7967| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
7968| [4571] Apache Struts up to 2.3.1.2 privilege escalation
7969| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
7970| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
7971| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
7972| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
7973| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
7974| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
7975| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
7976| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
7977| [59888] Apache Tomcat up to 6.0.6 denial of service
7978| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
7979| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
7980| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
7981| [59850] Apache Geronimo up to 2.2.1 denial of service
7982| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
7983| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
7984| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
7985| [58413] Apache Tomcat up to 6.0.10 spoofing
7986| [58381] Apache Wicket up to 1.4.17 cross site scripting
7987| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
7988| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
7989| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
7990| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
7991| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
7992| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
7993| [57568] Apache Archiva up to 1.3.4 cross site scripting
7994| [57567] Apache Archiva up to 1.3.4 cross site request forgery
7995| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
7996| [4355] Apache HTTP Server APR apr_fnmatch denial of service
7997| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
7998| [57425] Apache Struts up to 2.2.1.1 cross site scripting
7999| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
8000| [57025] Apache Tomcat up to 7.0.11 information disclosure
8001| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
8002| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
8003| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8004| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
8005| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
8006| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
8007| [56512] Apache Continuum up to 1.4.0 cross site scripting
8008| [4285] Apache Tomcat 5.x JVM getLocale denial of service
8009| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
8010| [4283] Apache Tomcat 5.x ServletContect privilege escalation
8011| [56441] Apache Tomcat up to 7.0.6 denial of service
8012| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
8013| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
8014| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
8015| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
8016| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
8017| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
8018| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
8019| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
8020| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
8021| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
8022| [54693] Apache Traffic Server DNS Cache unknown vulnerability
8023| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
8024| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
8025| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
8026| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
8027| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
8028| [54012] Apache Tomcat up to 6.0.10 denial of service
8029| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
8030| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
8031| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
8032| [52894] Apache Tomcat up to 6.0.7 information disclosure
8033| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
8034| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
8035| [52786] Apache Open For Business Project up to 09.04 cross site scripting
8036| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
8037| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
8038| [52584] Apache CouchDB up to 0.10.1 information disclosure
8039| [51757] Apache HTTP Server 2.0.44 cross site scripting
8040| [51756] Apache HTTP Server 2.0.44 spoofing
8041| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
8042| [51690] Apache Tomcat up to 6.0 directory traversal
8043| [51689] Apache Tomcat up to 6.0 information disclosure
8044| [51688] Apache Tomcat up to 6.0 directory traversal
8045| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
8046| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
8047| [50626] Apache Solr 1.0.0 cross site scripting
8048| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
8049| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
8050| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
8051| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
8052| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
8053| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
8054| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
8055| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
8056| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
8057| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
8058| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
8059| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
8060| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
8061| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
8062| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
8063| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
8064| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
8065| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
8066| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
8067| [47214] Apachefriends xampp 1.6.8 spoofing
8068| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
8069| [47162] Apachefriends XAMPP 1.4.4 weak authentication
8070| [47065] Apache Tomcat 4.1.23 cross site scripting
8071| [46834] Apache Tomcat up to 5.5.20 cross site scripting
8072| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
8073| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
8074| [86625] Apache Struts directory traversal
8075| [44461] Apache Tomcat up to 5.5.0 information disclosure
8076| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
8077| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
8078| [43663] Apache Tomcat up to 6.0.16 directory traversal
8079| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
8080| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
8081| [43516] Apache Tomcat up to 4.1.20 directory traversal
8082| [43509] Apache Tomcat up to 6.0.13 cross site scripting
8083| [42637] Apache Tomcat up to 6.0.16 cross site scripting
8084| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
8085| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
8086| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
8087| [40924] Apache Tomcat up to 6.0.15 information disclosure
8088| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
8089| [40922] Apache Tomcat up to 6.0 information disclosure
8090| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
8091| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
8092| [40656] Apache Tomcat 5.5.20 information disclosure
8093| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
8094| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
8095| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
8096| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
8097| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
8098| [40234] Apache Tomcat up to 6.0.15 directory traversal
8099| [40221] Apache HTTP Server 2.2.6 information disclosure
8100| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
8220| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
8221| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
8222| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
8223| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
8224| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
8225| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
8226| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
8227| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
8228| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
8229| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
8230| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
8231| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
8232| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
8233| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
8234| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
8235| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
8236| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
8237| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
8238| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
8239| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
8240| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
8241| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
8242| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
8243| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
8344| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
8345| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
8346| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
8347| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
8348| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
8349| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
8350| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
8351| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
8352| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
8353| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
8354| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
8355| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
8356| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
8357| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
8358| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
8359| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
8360| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
8361| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
8362| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
8363| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
8364| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
8365| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
8366| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8367| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
8368| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
8369| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
8370| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
8371| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
8372| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
8373| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
8374| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
8375| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
8376| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8377| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
8378| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
8379| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
8380| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
8381| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
8382| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
8383| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
8384| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
8385| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
8386| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
8387| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
8388| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
8389| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
8390| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
8391| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
8392| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
8393| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
8394| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
8395| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
8396| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
8397| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
8398| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
8399| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
8400| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
8401| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
8402| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
8403| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
8404| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
8405| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
8406| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
8407| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
8408| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
8409| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
8410| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
8411| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
8412| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
8413| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
8414| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
8415| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8416| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
8417| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
8418| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
8419| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
8420| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
8421| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
8422| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
8423| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
8424| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
8425| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
8426| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
8427| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
8428| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
8429| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
8430| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
8431| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
8432| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
8433| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
8434| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
8435| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
8436| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
8437| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
8438| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
8439| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8440| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8441| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
8442| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
8443| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
8444| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
8445| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
8446| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
8447| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
8448| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
8449| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
8450| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
8451| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8452| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8453| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
8454| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
8455| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
8456| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8457| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
8458| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
8459| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
8460| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
8461| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
8462| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
8463| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
8464| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
8465| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8466| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
8467| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
8468| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
8469| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
8470| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
8471| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
8472| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
8473| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
8474| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
8475| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
8476| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
8477| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
8478| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
8479| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
8480| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
8481| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
8482| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
8483| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
8484| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
8485| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
8486| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
8487| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
8488| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
8489| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
8490| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
8491| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
8492| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
8493| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8494| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8495| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
8496| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
8497| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
8498| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8499| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
8500| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
8501| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
8502| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
8503| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
8504| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
8505| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
8506| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
8507| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
8508| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
8509| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
8510| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
8511| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
8512| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8513| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8514| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
8515| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
8516| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
8517| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
8518| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
8519| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
8520| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
8521| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8522| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
8523| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8524| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
8525| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
8526| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
8527| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8528| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
8529| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8530| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
8531| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
8532| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8533| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
8534| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
8535| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
8536| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
8537| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
8538| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
8539| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
8540| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
8541| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8542| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
8543| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
8544| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
8545| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
8546| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
8547| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
8548| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
8549| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
8550| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
8551| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
8552| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
8553| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
8554| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
8555| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
8556| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
8557| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
8558| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
8559| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
8560| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
8561| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
8562| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
8563| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8564| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8565| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
8566| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
8567| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
8568| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
8569| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
8570| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
8571| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
8572| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
8573| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
8574| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
8575| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
8576| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
8577| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
8578| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
8579| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
8580| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
8581| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
8582| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
8583| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
8584| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
8585| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
8586| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
8587| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
8588| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8589| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8590| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8591| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
8592| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
8593| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
8594| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
8595| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
8596| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
8597| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
8598| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
8599| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
8600| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
8601| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
8602| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
8603| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
8604| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
8605| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
8606| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8607| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8608| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
8609| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
8610| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
8611| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
8612| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
8613| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
8614| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
8615| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
8616| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
8617| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
8618| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
8619| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
8620| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
8621| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
8622| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
8623| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
8624| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
8625| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
8626| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
8627| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
8628| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
8629| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
8630| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
8631| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
8632| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
8633| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8634| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8635| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
8636| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
8637| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
8638| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
8639| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
8640| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
8641| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
8642| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
8643| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
8644| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
8645| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
8646| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
8647| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
8648| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
8649| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
8650| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
8651| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
8652| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
8653| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
8654| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
8655| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
8656| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
8657| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
8658| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
8659| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
8660| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
8661| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
8662| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
8663| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
8664| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
8665| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
8666| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
8667| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
8668| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
8669| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
8670| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
8671| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
8672| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
8673| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
8674| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
8675| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
8676| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
8677| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
8678| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
8679| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
8680| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8681| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
8682| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
8683| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
8684| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
8685| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
8686| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
8687| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
8688| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
8689| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
8690| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
8691| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
8692| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
8693| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
8694| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
8695| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
8696| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
8697| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
8698| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
8699| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
8700| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
8701| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
8702| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
8703| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
8704| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
8705| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
8706| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
8707| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
8708| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
8709| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
8710| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
8711| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
8712| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
8713| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
8714| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
8715| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
8716| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
8717| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
8718| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
8719| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
8720| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
8721| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
8722| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
8723| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
8724| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
8725| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
8726| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
8727| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
8728| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
8729| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
8730| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
8731| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
8732| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
8733| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
8734| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
8735| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
8736| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
8737| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
8738| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
8739| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
8740| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
8741| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
8742| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
8743| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
8744| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
8745| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
8746| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
8747| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
8748| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
8749| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
8750| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
8751| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
8752| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
8753| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
8754| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
8755|
8756| SecurityFocus - https://www.securityfocus.com/bid/:
8757| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
8758| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
8759| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
8760| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
8761| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
8762| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
8763| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
8764| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
8765| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
8766| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
8767| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
8768| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
8769| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
8770| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
8771| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
8772| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
8773| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
8774| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
8775| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
8776| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
8777| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
8778| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
8779| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
8780| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
8781| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
8782| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
8783| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
8784| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
8785| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
8786| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
8787| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
8788| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
8789| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
8790| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
8791| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
8792| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
8793| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
8794| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
8795| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
8796| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
8797| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
8798| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
8799| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
8800| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
8801| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
8802| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
8803| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
8804| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
8805| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
8806| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
8807| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
8808| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
8809| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
8810| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
8811| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
8812| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
8813| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
8814| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
8815| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
8816| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
8817| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
8818| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
8819| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
8820| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
8821| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
8822| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
8823| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
8824| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
8825| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
8826| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
8827| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
8828| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
8829| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
8830| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
8831| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
8832| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
8833| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
8834| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
8835| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
8836| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
8837| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
8838| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
8839| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
8840| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
8841| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
8842| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
8843| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
8844| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
8845| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
8846| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
8847| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
8848| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
8849| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
8850| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
8851| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
8852| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
8853| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
8854| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
8855| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
8856| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
8857| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
8858| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
8859| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
8860| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
8861| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
8862| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
8863| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
8864| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
8865| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
8866| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
8867| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
8868| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
8869| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
8870| [100447] Apache2Triad Multiple Security Vulnerabilities
8871| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
8872| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
8873| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
8874| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
8875| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
8876| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
8877| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
8878| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
8879| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
8880| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
8881| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
8882| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
8883| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
8884| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
8885| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
8886| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
8887| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
8888| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
8889| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
8890| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
8891| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
8892| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
8893| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
8894| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
8895| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
8896| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
8897| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
8898| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
8899| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
8900| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
8901| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
8902| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
8903| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
8904| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
8905| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
8906| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
8907| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
8908| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
8909| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
8910| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
8911| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
8912| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
8913| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
8914| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
8915| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
8916| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
8917| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
8918| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
8919| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
8920| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
8921| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
8922| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
8923| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
8924| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
8925| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
8926| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
8927| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
8928| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
8929| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
8930| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
8931| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
8932| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
8933| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
8934| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
8935| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
8936| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
8937| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
8938| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
8939| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
8940| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
8941| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
8942| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
8943| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
8944| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
8945| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
8946| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
8947| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
8948| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
8949| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
8950| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
8951| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
8952| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
8953| [95675] Apache Struts Remote Code Execution Vulnerability
8954| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
8955| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
8956| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
8957| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
8958| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
8959| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
8960| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
8961| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
8962| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
8963| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
8964| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
8965| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
8966| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
8967| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
8968| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
8969| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
8970| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
8971| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
8972| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
8973| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
8974| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
8975| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
8976| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
8977| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
8978| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
8979| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
8980| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
8981| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
8982| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
8983| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
8984| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
8985| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
8986| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
8987| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
8988| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
8989| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
8990| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
8991| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
8992| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
8993| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
8994| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
8995| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
8996| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
8997| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
8998| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
8999| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
9000| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
9001| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
9002| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
9003| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
9004| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
9005| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
9006| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
9007| [91736] Apache XML-RPC Multiple Security Vulnerabilities
9008| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
9009| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
9010| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
9011| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
9012| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
9013| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
9014| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
9015| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
9016| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
9017| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
9018| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
9019| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
9020| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
9021| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
9022| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
9023| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
9024| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
9025| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
9026| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
9027| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
9028| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
9029| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
9030| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
9031| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
9032| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
9033| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
9034| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
9035| [90482] Apache CVE-2004-1387 Local Security Vulnerability
9036| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
9037| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
9038| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
9039| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
9040| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
9041| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
9042| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
9043| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
9044| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
9045| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
9046| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
9047| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
9048| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
9049| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
9050| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
9051| [86399] Apache CVE-2007-1743 Local Security Vulnerability
9052| [86397] Apache CVE-2007-1742 Local Security Vulnerability
9053| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
9054| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
9055| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
9056| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
9057| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
9058| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
9059| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
9060| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
9061| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
9062| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
9063| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
9064| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
9065| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
9066| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
9067| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
9068| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
9069| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
9070| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
9071| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
9072| [85203] Apache Solr CVE-2015-8795 Multiple HTML Injection Vulnerabilities
9073| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
9074| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
9075| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
9076| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
9077| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
9078| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
9079| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
9080| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
9081| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
9082| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
9083| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
9084| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
9085| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
9086| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
9087| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
9088| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
9089| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
9090| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
9091| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
9092| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
9093| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
9094| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
9095| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
9096| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
9097| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
9098| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
9099| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
9100| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
9101| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
9102| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
9103| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
9104| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
9105| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
9106| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
9107| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
9108| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
9109| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
9110| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
9111| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
9112| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
9113| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
9114| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
9115| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
9116| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
9117| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
9118| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
9119| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
9120| [76933] Apache James Server Unspecified Command Execution Vulnerability
9121| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
9122| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
9123| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
9124| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
9125| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
9126| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
9127| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
9128| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
9129| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
9130| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
9131| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
9132| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
9133| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
9134| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
9135| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
9136| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
9137| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
9138| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
9139| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
9140| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
9141| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
9142| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
9143| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
9144| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
9145| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
9146| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
9147| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
9148| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
9149| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
9150| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
9151| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
9152| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
9153| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
9154| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
9155| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
9156| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
9157| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
9158| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
9159| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
9160| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
9161| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
9162| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
9163| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
9164| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
9165| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
9166| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
9167| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
9168| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
9169| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
9170| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
9171| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
9172| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
9173| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
9174| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
9175| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
9176| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
9177| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
9178| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
9179| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
9180| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
9181| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
9182| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
9183| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
9184| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
9185| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
9186| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
9187| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
9188| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
9189| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
9190| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
9191| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
9192| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
9193| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
9194| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
9195| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
9196| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
9197| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
9198| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
9199| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
9200| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
9201| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
9202| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
9203| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
9204| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
9205| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
9206| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
9207| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
9208| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
9209| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
9210| [68229] Apache Harmony PRNG Entropy Weakness
9211| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
9212| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
9213| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
9214| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
9215| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
9216| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
9217| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
9218| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
9219| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
9220| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
9221| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
9222| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
9223| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
9224| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
9225| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
9226| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
9227| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
9228| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
9229| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
9230| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
9231| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
9232| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
9233| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
9234| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
9235| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
9236| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
9237| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
9238| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
9239| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
9240| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
9241| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
9242| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
9243| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
9244| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
9245| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
9246| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
9247| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
9248| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
9249| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
9250| [64780] Apache CloudStack Unauthorized Access Vulnerability
9251| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
9252| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
9253| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
9254| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
9255| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
9256| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
9257| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
9258| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
9259| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
9260| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
9261| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
9262| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
9263| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
9264| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
9265| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
9266| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
9267| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
9268| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
9269| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
9270| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
9271| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
9272| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
9273| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
9274| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
9275| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
9276| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
9277| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
9278| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
9279| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
9280| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
9281| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
9282| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
9283| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
9284| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
9285| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
9286| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
9287| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
9288| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
9289| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
9290| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
9291| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
9292| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
9293| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
9294| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
9295| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
9296| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
9297| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
9298| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
9299| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
9300| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
9301| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
9302| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
9303| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
9304| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
9305| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
9306| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
9307| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
9308| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
9309| [59670] Apache VCL Multiple Input Validation Vulnerabilities
9310| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
9311| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
9312| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
9313| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
9314| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
9315| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
9316| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
9317| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
9318| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
9319| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
9320| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
9321| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
9322| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
9323| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
9324| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
9325| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
9326| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
9327| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
9328| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
9329| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
9330| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
9331| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
9332| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
9333| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
9334| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
9335| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
9336| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
9337| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
9338| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
9339| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
9340| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
9341| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
9342| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
9343| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
9344| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
9345| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
9346| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
9347| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
9348| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
9349| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
9350| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
9351| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
9352| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
9353| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
9354| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
9355| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
9356| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
9357| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
9358| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
9359| [54798] Apache Libcloud Man In The Middle Vulnerability
9360| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
9361| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
9362| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
9363| [54189] Apache Roller Cross Site Request Forgery Vulnerability
9364| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
9365| [53880] Apache CXF Child Policies Security Bypass Vulnerability
9366| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
9367| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
9368| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
9369| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
9370| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
9371| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
9372| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
9373| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
9374| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
9375| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
9376| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
9377| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
9378| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
9379| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
9380| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
9381| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
9382| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
9383| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
9384| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
9385| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
9386| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
9387| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
9388| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
9389| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
9390| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
9391| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
9392| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
9393| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
9394| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
9395| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
9396| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
9397| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
9398| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
9399| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
9400| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
9401| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
9402| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
9403| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
9404| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
9405| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
9406| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
9407| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
9408| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
9409| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
9410| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
9411| [49290] Apache Wicket Cross Site Scripting Vulnerability
9412| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
9413| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
9414| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
9415| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
9416| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
9417| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
9418| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
9419| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
9420| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
9421| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
9422| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
9423| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
9424| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
9425| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
9426| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
9427| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
9428| [46953] Apache MPM-ITK Module Security Weakness
9429| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
9430| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
9431| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
9432| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
9433| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
9434| [46166] Apache Tomcat JVM Denial of Service Vulnerability
9435| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
9436| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
9437| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
9438| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
9439| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
9440| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
9441| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
9442| [44616] Apache Shiro Directory Traversal Vulnerability
9443| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
9444| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
9445| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
9446| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
9447| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
9448| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
9449| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
9450| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
9451| [42492] Apache CXF XML DTD Processing Security Vulnerability
9452| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
9453| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
9454| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
9455| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
9456| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
9457| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
9458| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
9459| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
9460| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
9461| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
9462| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
9463| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
9464| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
9465| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
9466| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
9467| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
9468| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
9469| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
9470| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
9471| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
9472| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
9473| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
9474| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
9475| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
9476| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
9477| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
9478| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
9479| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
9480| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
9481| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
9482| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
9483| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
9484| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
9485| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
9486| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
9487| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
9488| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
9489| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
9490| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
9491| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
9492| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
9493| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
9494| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
9495| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
9496| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
9497| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
9498| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
9499| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
9500| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
9501| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
9502| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
9503| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
9504| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
9505| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
9506| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
9507| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
9508| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
9509| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
9510| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
9511| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
9512| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
9513| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
9514| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
9515| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
9516| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
9517| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
9518| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
9519| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
9520| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
9521| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
9522| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
9523| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
9524| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
9525| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
9526| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
9527| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
9528| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
9529| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
9530| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
9531| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
9532| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
9533| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
9534| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
9535| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
9536| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
9537| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
9538| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
9539| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
9540| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
9541| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
9542| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
9543| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
9544| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
9545| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
9546| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
9547| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
9548| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
9549| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
9550| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
9551| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
9552| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
9553| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
9554| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
9555| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
9556| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
9557| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
9558| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
9559| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
9560| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
9561| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
9562| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
9563| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
9564| [20527] Apache Mod_TCL Remote Format String Vulnerability
9565| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
9566| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
9567| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
9568| [19106] Apache Tomcat Information Disclosure Vulnerability
9569| [18138] Apache James SMTP Denial Of Service Vulnerability
9570| [17342] Apache Struts Multiple Remote Vulnerabilities
9571| [17095] Apache Log4Net Denial Of Service Vulnerability
9572| [16916] Apache mod_python FileSession Code Execution Vulnerability
9573| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
9574| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
9575| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
9576| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
9577| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
9578| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
9579| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
9580| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
9581| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
9582| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
9583| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
9584| [15177] PHP Apache 2 Local Denial of Service Vulnerability
9585| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
9586| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
9587| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
9588| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
9589| [14106] Apache HTTP Request Smuggling Vulnerability
9590| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
9591| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
9592| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
9593| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
9594| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
9595| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
9596| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
9597| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
9598| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
9599| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
9600| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
9601| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
9602| [11471] Apache mod_include Local Buffer Overflow Vulnerability
9603| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
9604| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
9605| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
9606| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
9607| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
9608| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
9609| [11094] Apache mod_ssl Denial Of Service Vulnerability
9610| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
9611| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
9612| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
9613| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
9614| [10478] ClueCentral Apache Suexec Patch Security Weakness
9615| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
9616| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
9617| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
9618| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
9619| [9921] Apache Connection Blocking Denial Of Service Vulnerability
9620| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
9621| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
9622| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
9623| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
9624| [9733] Apache Cygwin Directory Traversal Vulnerability
9625| [9599] Apache mod_php Global Variables Information Disclosure Weakness
9626| [9590] Apache-SSL Client Certificate Forging Vulnerability
9627| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
9628| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
9629| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
9630| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
9631| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
9632| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
9633| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
9634| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
9635| [8898] Red Hat Apache Directory Index Default Configuration Error
9636| [8883] Apache Cocoon Directory Traversal Vulnerability
9637| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
9638| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
9639| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
9640| [8707] Apache htpasswd Password Entropy Weakness
9641| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
9642| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
9643| [8226] Apache HTTP Server Multiple Vulnerabilities
9644| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
9645| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
9646| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
9647| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
9648| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
9649| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
9650| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
9651| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
9652| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
9653| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
9654| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
9655| [7255] Apache Web Server File Descriptor Leakage Vulnerability
9656| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
9657| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
9658| [6939] Apache Web Server ETag Header Information Disclosure Weakness
9659| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
9660| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
9661| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
9662| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
9663| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
9664| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
9665| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
9666| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
9667| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
9668| [6117] Apache mod_php File Descriptor Leakage Vulnerability
9669| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
9670| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
9671| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
9672| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
9673| [5992] Apache HTDigest Insecure Temporary File Vulnerability
9674| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
9675| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
9676| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
9677| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
9678| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
9679| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
9680| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
9681| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
9682| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
9683| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
9684| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
9685| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
9686| [5485] Apache 2.0 Path Disclosure Vulnerability
9687| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
9688| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
9689| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
9690| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
9691| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
9692| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
9693| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
9694| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
9695| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
9696| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
9697| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
9698| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
9699| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
9700| [4437] Apache Error Message Cross-Site Scripting Vulnerability
9701| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
9702| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
9703| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
9704| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
9705| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
9706| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
9707| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
9708| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
9709| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
9710| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
9711| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
9712| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
9713| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
9714| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
9715| [3596] Apache Split-Logfile File Append Vulnerability
9716| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
9717| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
9718| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
9719| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
9720| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
9721| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
9722| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
9723| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
9724| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
9725| [3169] Apache Server Address Disclosure Vulnerability
9726| [3009] Apache Possible Directory Index Disclosure Vulnerability
9727| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
9728| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
9729| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
9730| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
9731| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
9732| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
9733| [2216] Apache Web Server DoS Vulnerability
9734| [2182] Apache /tmp File Race Vulnerability
9735| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
9736| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
9737| [1821] Apache mod_cookies Buffer Overflow Vulnerability
9738| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
9739| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
9740| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
9741| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
9742| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
9743| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
9744| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
9745| [1457] Apache::ASP source.asp Example Script Vulnerability
9746| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
9747| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
9748|
9749| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9750| [86258] Apache CloudStack text fields cross-site scripting
9751| [85983] Apache Subversion mod_dav_svn module denial of service
9752| [85875] Apache OFBiz UEL code execution
9753| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
9754| [85871] Apache HTTP Server mod_session_dbd unspecified
9755| [85756] Apache Struts OGNL expression command execution
9756| [85755] Apache Struts DefaultActionMapper class open redirect
9757| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
9758| [85574] Apache HTTP Server mod_dav denial of service
9759| [85573] Apache Struts Showcase App OGNL code execution
9760| [85496] Apache CXF denial of service
9761| [85423] Apache Geronimo RMI classloader code execution
9762| [85326] Apache Santuario XML Security for C++ buffer overflow
9763| [85323] Apache Santuario XML Security for Java spoofing
9764| [85319] Apache Qpid Python client SSL spoofing
9765| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
9766| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
9767| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
9768| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
9769| [84952] Apache Tomcat CVE-2012-3544 denial of service
9770| [84763] Apache Struts CVE-2013-2135 security bypass
9771| [84762] Apache Struts CVE-2013-2134 security bypass
9772| [84719] Apache Subversion CVE-2013-2088 command execution
9773| [84718] Apache Subversion CVE-2013-2112 denial of service
9774| [84717] Apache Subversion CVE-2013-1968 denial of service
9775| [84577] Apache Tomcat security bypass
9776| [84576] Apache Tomcat symlink
9777| [84543] Apache Struts CVE-2013-2115 security bypass
9778| [84542] Apache Struts CVE-2013-1966 security bypass
9779| [84154] Apache Tomcat session hijacking
9780| [84144] Apache Tomcat denial of service
9781| [84143] Apache Tomcat information disclosure
9782| [84111] Apache HTTP Server command execution
9783| [84043] Apache Virtual Computing Lab cross-site scripting
9784| [84042] Apache Virtual Computing Lab cross-site scripting
9785| [83782] Apache CloudStack information disclosure
9786| [83781] Apache CloudStack security bypass
9787| [83720] Apache ActiveMQ cross-site scripting
9788| [83719] Apache ActiveMQ denial of service
9789| [83718] Apache ActiveMQ denial of service
9790| [83263] Apache Subversion denial of service
9791| [83262] Apache Subversion denial of service
9792| [83261] Apache Subversion denial of service
9793| [83259] Apache Subversion denial of service
9794| [83035] Apache mod_ruid2 security bypass
9795| [82852] Apache Qpid federation_tag security bypass
9796| [82851] Apache Qpid qpid::framing::Buffer denial of service
9797| [82758] Apache Rave User RPC API information disclosure
9798| [82663] Apache Subversion svn_fs_file_length() denial of service
9799| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
9800| [82641] Apache Qpid AMQP denial of service
9801| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
9802| [82618] Apache Commons FileUpload symlink
9803| [82360] Apache HTTP Server manager interface cross-site scripting
9804| [82359] Apache HTTP Server hostnames cross-site scripting
9805| [82338] Apache Tomcat log/logdir information disclosure
9806| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
9807| [82268] Apache OpenJPA deserialization command execution
9808| [81981] Apache CXF UsernameTokens security bypass
9809| [81980] Apache CXF WS-Security security bypass
9810| [81398] Apache OFBiz cross-site scripting
9811| [81240] Apache CouchDB directory traversal
9812| [81226] Apache CouchDB JSONP code execution
9813| [81225] Apache CouchDB Futon user interface cross-site scripting
9814| [81211] Apache Axis2/C SSL spoofing
9815| [81167] Apache CloudStack DeployVM information disclosure
9816| [81166] Apache CloudStack AddHost API information disclosure
9817| [81165] Apache CloudStack createSSHKeyPair API information disclosure
9818| [80518] Apache Tomcat cross-site request forgery security bypass
9819| [80517] Apache Tomcat FormAuthenticator security bypass
9820| [80516] Apache Tomcat NIO denial of service
9821| [80408] Apache Tomcat replay-countermeasure security bypass
9822| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
9823| [80317] Apache Tomcat slowloris denial of service
9824| [79984] Apache Commons HttpClient SSL spoofing
9825| [79983] Apache CXF SSL spoofing
9826| [79830] Apache Axis2/Java SSL spoofing
9827| [79829] Apache Axis SSL spoofing
9828| [79809] Apache Tomcat DIGEST security bypass
9829| [79806] Apache Tomcat parseHeaders() denial of service
9830| [79540] Apache OFBiz unspecified
9831| [79487] Apache Axis2 SAML security bypass
9832| [79212] Apache Cloudstack code execution
9833| [78734] Apache CXF SOAP Action security bypass
9834| [78730] Apache Qpid broker denial of service
9835| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
9836| [78563] Apache mod_pagespeed module unspecified cross-site scripting
9837| [78562] Apache mod_pagespeed module security bypass
9838| [78454] Apache Axis2 security bypass
9839| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
9840| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
9841| [78321] Apache Wicket unspecified cross-site scripting
9842| [78183] Apache Struts parameters denial of service
9843| [78182] Apache Struts cross-site request forgery
9844| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
9845| [77987] mod_rpaf module for Apache denial of service
9846| [77958] Apache Struts skill name code execution
9847| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
9848| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
9849| [77568] Apache Qpid broker security bypass
9850| [77421] Apache Libcloud spoofing
9851| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
9852| [77046] Oracle Solaris Apache HTTP Server information disclosure
9853| [76837] Apache Hadoop information disclosure
9854| [76802] Apache Sling CopyFrom denial of service
9855| [76692] Apache Hadoop symlink
9856| [76535] Apache Roller console cross-site request forgery
9857| [76534] Apache Roller weblog cross-site scripting
9858| [76152] Apache CXF elements security bypass
9859| [76151] Apache CXF child policies security bypass
9860| [75983] MapServer for Windows Apache file include
9861| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
9862| [75558] Apache POI denial of service
9863| [75545] PHP apache_request_headers() buffer overflow
9864| [75302] Apache Qpid SASL security bypass
9865| [75211] Debian GNU/Linux apache 2 cross-site scripting
9866| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
9867| [74871] Apache OFBiz FlexibleStringExpander code execution
9868| [74870] Apache OFBiz multiple cross-site scripting
9869| [74750] Apache Hadoop unspecified spoofing
9870| [74319] Apache Struts XSLTResult.java file upload
9871| [74313] Apache Traffic Server header buffer overflow
9872| [74276] Apache Wicket directory traversal
9873| [74273] Apache Wicket unspecified cross-site scripting
9874| [74181] Apache HTTP Server mod_fcgid module denial of service
9875| [73690] Apache Struts OGNL code execution
9876| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
9877| [73100] Apache MyFaces in directory traversal
9878| [73096] Apache APR hash denial of service
9879| [73052] Apache Struts name cross-site scripting
9880| [73030] Apache CXF UsernameToken security bypass
9881| [72888] Apache Struts lastName cross-site scripting
9882| [72758] Apache HTTP Server httpOnly information disclosure
9883| [72757] Apache HTTP Server MPM denial of service
9884| [72585] Apache Struts ParameterInterceptor security bypass
9885| [72438] Apache Tomcat Digest security bypass
9886| [72437] Apache Tomcat Digest security bypass
9887| [72436] Apache Tomcat DIGEST security bypass
9888| [72425] Apache Tomcat parameter denial of service
9889| [72422] Apache Tomcat request object information disclosure
9890| [72377] Apache HTTP Server scoreboard security bypass
9891| [72345] Apache HTTP Server HTTP request denial of service
9892| [72229] Apache Struts ExceptionDelegator command execution
9893| [72089] Apache Struts ParameterInterceptor directory traversal
9894| [72088] Apache Struts CookieInterceptor command execution
9895| [72047] Apache Geronimo hash denial of service
9896| [72016] Apache Tomcat hash denial of service
9897| [71711] Apache Struts OGNL expression code execution
9898| [71654] Apache Struts interfaces security bypass
9899| [71620] Apache ActiveMQ failover denial of service
9900| [71617] Apache HTTP Server mod_proxy module information disclosure
9901| [71508] Apache MyFaces EL security bypass
9902| [71445] Apache HTTP Server mod_proxy security bypass
9903| [71203] Apache Tomcat servlets privilege escalation
9904| [71181] Apache HTTP Server ap_pregsub() denial of service
9905| [71093] Apache HTTP Server ap_pregsub() buffer overflow
9906| [70336] Apache HTTP Server mod_proxy information disclosure
9907| [69804] Apache HTTP Server mod_proxy_ajp denial of service
9908| [69472] Apache Tomcat AJP security bypass
9909| [69396] Apache HTTP Server ByteRange filter denial of service
9910| [69394] Apache Wicket multi window support cross-site scripting
9911| [69176] Apache Tomcat XML information disclosure
9912| [69161] Apache Tomcat jsvc information disclosure
9913| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
9914| [68541] Apache Tomcat sendfile information disclosure
9915| [68420] Apache XML Security denial of service
9916| [68238] Apache Tomcat JMX information disclosure
9917| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
9918| [67804] Apache Subversion control rules information disclosure
9919| [67803] Apache Subversion control rules denial of service
9920| [67802] Apache Subversion baselined denial of service
9921| [67672] Apache Archiva multiple cross-site scripting
9922| [67671] Apache Archiva multiple cross-site request forgery
9923| [67564] Apache APR apr_fnmatch() denial of service
9924| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
9925| [67515] Apache Tomcat annotations security bypass
9926| [67480] Apache Struts s:submit information disclosure
9927| [67414] Apache APR apr_fnmatch() denial of service
9928| [67356] Apache Struts javatemplates cross-site scripting
9929| [67354] Apache Struts Xwork cross-site scripting
9930| [66676] Apache Tomcat HTTP BIO information disclosure
9931| [66675] Apache Tomcat web.xml security bypass
9932| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
9933| [66241] Apache HttpComponents information disclosure
9934| [66154] Apache Tomcat ServletSecurity security bypass
9935| [65971] Apache Tomcat ServletSecurity security bypass
9936| [65876] Apache Subversion mod_dav_svn denial of service
9937| [65343] Apache Continuum unspecified cross-site scripting
9938| [65162] Apache Tomcat NIO connector denial of service
9939| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
9940| [65160] Apache Tomcat HTML Manager interface cross-site scripting
9941| [65159] Apache Tomcat ServletContect security bypass
9942| [65050] Apache CouchDB web-based administration UI cross-site scripting
9943| [64773] Oracle HTTP Server Apache Plugin unauthorized access
9944| [64473] Apache Subversion blame -g denial of service
9945| [64472] Apache Subversion walk() denial of service
9946| [64407] Apache Axis2 CVE-2010-0219 code execution
9947| [63926] Apache Archiva password privilege escalation
9948| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
9949| [63493] Apache Archiva credentials cross-site request forgery
9950| [63477] Apache Tomcat HttpOnly session hijacking
9951| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
9952| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
9953| [62959] Apache Shiro filters security bypass
9954| [62790] Apache Perl cgi module denial of service
9955| [62576] Apache Qpid exchange denial of service
9956| [62575] Apache Qpid AMQP denial of service
9957| [62354] Apache Qpid SSL denial of service
9958| [62235] Apache APR-util apr_brigade_split_line() denial of service
9959| [62181] Apache XML-RPC SAX Parser information disclosure
9960| [61721] Apache Traffic Server cache poisoning
9961| [61202] Apache Derby BUILTIN authentication functionality information disclosure
9962| [61186] Apache CouchDB Futon cross-site request forgery
9963| [61169] Apache CXF DTD denial of service
9964| [61070] Apache Jackrabbit search.jsp SQL injection
9965| [61006] Apache SLMS Quoting cross-site request forgery
9966| [60962] Apache Tomcat time cross-site scripting
9967| [60883] Apache mod_proxy_http information disclosure
9968| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
9969| [60264] Apache Tomcat Transfer-Encoding denial of service
9970| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
9971| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
9972| [59413] Apache mod_proxy_http timeout information disclosure
9973| [59058] Apache MyFaces unencrypted view state cross-site scripting
9974| [58827] Apache Axis2 xsd file include
9975| [58790] Apache Axis2 modules cross-site scripting
9976| [58299] Apache ActiveMQ queueBrowse cross-site scripting
9977| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
9978| [58056] Apache ActiveMQ .jsp source code disclosure
9979| [58055] Apache Tomcat realm name information disclosure
9980| [58046] Apache HTTP Server mod_auth_shadow security bypass
9981| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
9982| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
9983| [57429] Apache CouchDB algorithms information disclosure
9984| [57398] Apache ActiveMQ Web console cross-site request forgery
9985| [57397] Apache ActiveMQ createDestination.action cross-site scripting
9986| [56653] Apache HTTP Server DNS spoofing
9987| [56652] Apache HTTP Server DNS cross-site scripting
9988| [56625] Apache HTTP Server request header information disclosure
9989| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
9990| [56623] Apache HTTP Server mod_proxy_ajp denial of service
9991| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
9992| [55857] Apache Tomcat WAR files directory traversal
9993| [55856] Apache Tomcat autoDeploy attribute security bypass
9994| [55855] Apache Tomcat WAR directory traversal
9995| [55210] Intuit component for Joomla! Apache information disclosure
9996| [54533] Apache Tomcat 404 error page cross-site scripting
9997| [54182] Apache Tomcat admin default password
9998| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
9999| [53666] Apache HTTP Server Solaris pollset support denial of service
10000| [53650] Apache HTTP Server HTTP basic-auth module security bypass
10001| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
10002| [53041] mod_proxy_ftp module for Apache denial of service
10003| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
10004| [51953] Apache Tomcat Path Disclosure
10005| [51952] Apache Tomcat Path Traversal
10006| [51951] Apache stronghold-status Information Disclosure
10007| [51950] Apache stronghold-info Information Disclosure
10008| [51949] Apache PHP Source Code Disclosure
10009| [51948] Apache Multiviews Attack
10010| [51946] Apache JServ Environment Status Information Disclosure
10011| [51945] Apache error_log Information Disclosure
10012| [51944] Apache Default Installation Page Pattern Found
10013| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
10014| [51942] Apache AXIS XML External Entity File Retrieval
10015| [51941] Apache AXIS Sample Servlet Information Leak
10016| [51940] Apache access_log Information Disclosure
10017| [51626] Apache mod_deflate denial of service
10018| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
10019| [51365] Apache Tomcat RequestDispatcher security bypass
10020| [51273] Apache HTTP Server Incomplete Request denial of service
10021| [51195] Apache Tomcat XML information disclosure
10022| [50994] Apache APR-util xml/apr_xml.c denial of service
10023| [50993] Apache APR-util apr_brigade_vprintf denial of service
10024| [50964] Apache APR-util apr_strmatch_precompile() denial of service
10025| [50930] Apache Tomcat j_security_check information disclosure
10026| [50928] Apache Tomcat AJP denial of service
10027| [50884] Apache HTTP Server XML ENTITY denial of service
10028| [50808] Apache HTTP Server AllowOverride privilege escalation
10029| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
10030| [50059] Apache mod_proxy_ajp information disclosure
10031| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
10032| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
10033| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
10034| [49921] Apache ActiveMQ Web interface cross-site scripting
10035| [49898] Apache Geronimo Services/Repository directory traversal
10036| [49725] Apache Tomcat mod_jk module information disclosure
10037| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
10038| [49712] Apache Struts unspecified cross-site scripting
10039| [49213] Apache Tomcat cal2.jsp cross-site scripting
10040| [48934] Apache Tomcat POST doRead method information disclosure
10041| [48211] Apache Tomcat header HTTP request smuggling
10042| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
10043| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
10044| [47709] Apache Roller "
10045| [47104] Novell Netware ApacheAdmin console security bypass
10046| [47086] Apache HTTP Server OS fingerprinting unspecified
10047| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
10048| [45791] Apache Tomcat RemoteFilterValve security bypass
10049| [44435] Oracle WebLogic Apache Connector buffer overflow
10050| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
10051| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
10052| [44156] Apache Tomcat RequestDispatcher directory traversal
10053| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
10054| [43885] Oracle WebLogic Server Apache Connector buffer overflow
10055| [42987] Apache HTTP Server mod_proxy module denial of service
10056| [42915] Apache Tomcat JSP files path disclosure
10057| [42914] Apache Tomcat MS-DOS path disclosure
10058| [42892] Apache Tomcat unspecified unauthorized access
10059| [42816] Apache Tomcat Host Manager cross-site scripting
10060| [42303] Apache 403 error cross-site scripting
10061| [41618] Apache-SSL ExpandCert() authentication bypass
10062| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
10063| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
10064| [40614] Apache mod_jk2 HTTP Host header buffer overflow
10065| [40562] Apache Geronimo init information disclosure
10066| [40478] Novell Web Manager webadmin-apache.conf security bypass
10067| [40411] Apache Tomcat exception handling information disclosure
10068| [40409] Apache Tomcat native (APR based) connector weak security
10069| [40403] Apache Tomcat quotes and %5C cookie information disclosure
10070| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
10071| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
10072| [39867] Apache HTTP Server mod_negotiation cross-site scripting
10073| [39804] Apache Tomcat SingleSignOn information disclosure
10074| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
10075| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
10076| [39608] Apache HTTP Server balancer manager cross-site request forgery
10077| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
10078| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
10079| [39472] Apache HTTP Server mod_status cross-site scripting
10080| [39201] Apache Tomcat JULI logging weak security
10081| [39158] Apache HTTP Server Windows SMB shares information disclosure
10082| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
10083| [38951] Apache::AuthCAS Perl module cookie SQL injection
10084| [38800] Apache HTTP Server 413 error page cross-site scripting
10085| [38211] Apache Geronimo SQLLoginModule authentication bypass
10086| [37243] Apache Tomcat WebDAV directory traversal
10087| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
10088| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
10089| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
10090| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
10091| [36782] Apache Geronimo MEJB unauthorized access
10092| [36586] Apache HTTP Server UTF-7 cross-site scripting
10093| [36468] Apache Geronimo LoginModule security bypass
10094| [36467] Apache Tomcat functions.jsp cross-site scripting
10095| [36402] Apache Tomcat calendar cross-site request forgery
10096| [36354] Apache HTTP Server mod_proxy module denial of service
10097| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
10098| [36336] Apache Derby lock table privilege escalation
10099| [36335] Apache Derby schema privilege escalation
10100| [36006] Apache Tomcat "
10101| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
10102| [35999] Apache Tomcat \"
10103| [35795] Apache Tomcat CookieExample cross-site scripting
10104| [35536] Apache Tomcat SendMailServlet example cross-site scripting
10105| [35384] Apache HTTP Server mod_cache module denial of service
10106| [35097] Apache HTTP Server mod_status module cross-site scripting
10107| [35095] Apache HTTP Server Prefork MPM module denial of service
10108| [34984] Apache HTTP Server recall_headers information disclosure
10109| [34966] Apache HTTP Server MPM content spoofing
10110| [34965] Apache HTTP Server MPM information disclosure
10111| [34963] Apache HTTP Server MPM multiple denial of service
10112| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
10113| [34869] Apache Tomcat JSP example Web application cross-site scripting
10114| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
10115| [34496] Apache Tomcat JK Connector security bypass
10116| [34377] Apache Tomcat hello.jsp cross-site scripting
10117| [34212] Apache Tomcat SSL configuration security bypass
10118| [34210] Apache Tomcat Accept-Language cross-site scripting
10119| [34209] Apache Tomcat calendar application cross-site scripting
10120| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
10121| [34167] Apache Axis WSDL file path disclosure
10122| [34068] Apache Tomcat AJP connector information disclosure
10123| [33584] Apache HTTP Server suEXEC privilege escalation
10124| [32988] Apache Tomcat proxy module directory traversal
10125| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
10126| [32708] Debian Apache tty privilege escalation
10127| [32441] ApacheStats extract() PHP call unspecified
10128| [32128] Apache Tomcat default account
10129| [31680] Apache Tomcat RequestParamExample cross-site scripting
10130| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
10131| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
10132| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
10133| [30456] Apache mod_auth_kerb off-by-one buffer overflow
10134| [29550] Apache mod_tcl set_var() format string
10135| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
10136| [28357] Apache HTTP Server mod_alias script source information disclosure
10137| [28063] Apache mod_rewrite off-by-one buffer overflow
10138| [27902] Apache Tomcat URL information disclosure
10139| [26786] Apache James SMTP server denial of service
10140| [25680] libapache2 /tmp/svn file upload
10141| [25614] Apache Struts lookupMap cross-site scripting
10142| [25613] Apache Struts ActionForm denial of service
10143| [25612] Apache Struts isCancelled() security bypass
10144| [24965] Apache mod_python FileSession command execution
10145| [24716] Apache James spooler memory leak denial of service
10146| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
10147| [24158] Apache Geronimo jsp-examples cross-site scripting
10148| [24030] Apache auth_ldap module multiple format strings
10149| [24008] Apache mod_ssl custom error message denial of service
10150| [24003] Apache mod_auth_pgsql module multiple syslog format strings
10151| [23612] Apache mod_imap referer field cross-site scripting
10152| [23173] Apache Struts error message cross-site scripting
10153| [22942] Apache Tomcat directory listing denial of service
10154| [22858] Apache Multi-Processing Module code allows denial of service
10155| [22602] RHSA-2005:582 updates for Apache httpd not installed
10156| [22520] Apache mod-auth-shadow "
10157| [22466] ApacheTop symlink
10158| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
10159| [22006] Apache HTTP Server byte-range filter denial of service
10160| [21567] Apache mod_ssl off-by-one buffer overflow
10161| [21195] Apache HTTP Server header HTTP request smuggling
10162| [20383] Apache HTTP Server htdigest buffer overflow
10163| [19681] Apache Tomcat AJP12 request denial of service
10164| [18993] Apache HTTP server check_forensic symlink attack
10165| [18790] Apache Tomcat Manager cross-site scripting
10166| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
10167| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
10168| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
10169| [17961] Apache Web server ServerTokens has not been set
10170| [17930] Apache HTTP Server HTTP GET request denial of service
10171| [17785] Apache mod_include module buffer overflow
10172| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
10173| [17473] Apache HTTP Server Satisfy directive allows access to resources
10174| [17413] Apache htpasswd buffer overflow
10175| [17384] Apache HTTP Server environment variable configuration file buffer overflow
10176| [17382] Apache HTTP Server IPv6 apr_util denial of service
10177| [17366] Apache HTTP Server mod_dav module LOCK denial of service
10178| [17273] Apache HTTP Server speculative mode denial of service
10179| [17200] Apache HTTP Server mod_ssl denial of service
10180| [16890] Apache HTTP Server server-info request has been detected
10181| [16889] Apache HTTP Server server-status request has been detected
10182| [16705] Apache mod_ssl format string attack
10183| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
10184| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
10185| [16230] Apache HTTP Server PHP denial of service
10186| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
10187| [15958] Apache HTTP Server authentication modules memory corruption
10188| [15547] Apache HTTP Server mod_disk_cache local information disclosure
10189| [15540] Apache HTTP Server socket starvation denial of service
10190| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
10191| [15422] Apache HTTP Server mod_access information disclosure
10192| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
10193| [15293] Apache for Cygwin "
10194| [15065] Apache-SSL has a default password
10195| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
10196| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
10197| [14751] Apache Mod_python output filter information disclosure
10198| [14125] Apache HTTP Server mod_userdir module information disclosure
10199| [14075] Apache HTTP Server mod_php file descriptor leak
10200| [13703] Apache HTTP Server account
10201| [13689] Apache HTTP Server configuration allows symlinks
10202| [13688] Apache HTTP Server configuration allows SSI
10203| [13687] Apache HTTP Server Server: header value
10204| [13685] Apache HTTP Server ServerTokens value
10205| [13684] Apache HTTP Server ServerSignature value
10206| [13672] Apache HTTP Server config allows directory autoindexing
10207| [13671] Apache HTTP Server default content
10208| [13670] Apache HTTP Server config file directive references outside content root
10209| [13668] Apache HTTP Server httpd not running in chroot environment
10210| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
10211| [13664] Apache HTTP Server config file contains ScriptAlias entry
10212| [13663] Apache HTTP Server CGI support modules loaded
10213| [13661] Apache HTTP Server config file contains AddHandler entry
10214| [13660] Apache HTTP Server 500 error page not CGI script
10215| [13659] Apache HTTP Server 413 error page not CGI script
10216| [13658] Apache HTTP Server 403 error page not CGI script
10217| [13657] Apache HTTP Server 401 error page not CGI script
10218| [13552] Apache HTTP Server mod_cgid module information disclosure
10219| [13550] Apache GET request directory traversal
10220| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
10221| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
10222| [13429] Apache Tomcat non-HTTP request denial of service
10223| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
10224| [13295] Apache weak password encryption
10225| [13254] Apache Tomcat .jsp cross-site scripting
10226| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
10227| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
10228| [12681] Apache HTTP Server mod_proxy could allow mail relaying
10229| [12662] Apache HTTP Server rotatelogs denial of service
10230| [12554] Apache Tomcat stores password in plain text
10231| [12553] Apache HTTP Server redirects and subrequests denial of service
10232| [12552] Apache HTTP Server FTP proxy server denial of service
10233| [12551] Apache HTTP Server prefork MPM denial of service
10234| [12550] Apache HTTP Server weaker than expected encryption
10235| [12549] Apache HTTP Server type-map file denial of service
10236| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
10237| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
10238| [12091] Apache HTTP Server apr_password_validate denial of service
10239| [12090] Apache HTTP Server apr_psprintf code execution
10240| [11804] Apache HTTP Server mod_access_referer denial of service
10241| [11750] Apache HTTP Server could leak sensitive file descriptors
10242| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
10243| [11703] Apache long slash path allows directory listing
10244| [11695] Apache HTTP Server LF (Line Feed) denial of service
10245| [11694] Apache HTTP Server filestat.c denial of service
10246| [11438] Apache HTTP Server MIME message boundaries information disclosure
10247| [11412] Apache HTTP Server error log terminal escape sequence injection
10248| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
10249| [11195] Apache Tomcat web.xml could be used to read files
10250| [11194] Apache Tomcat URL appended with a null character could list directories
10251| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
10252| [11126] Apache HTTP Server illegal character file disclosure
10253| [11125] Apache HTTP Server DOS device name HTTP POST code execution
10254| [11124] Apache HTTP Server DOS device name denial of service
10255| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
10256| [10938] Apache HTTP Server printenv test CGI cross-site scripting
10257| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
10258| [10575] Apache mod_php module could allow an attacker to take over the httpd process
10259| [10499] Apache HTTP Server WebDAV HTTP POST view source
10260| [10457] Apache HTTP Server mod_ssl "
10261| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
10262| [10414] Apache HTTP Server htdigest multiple buffer overflows
10263| [10413] Apache HTTP Server htdigest temporary file race condition
10264| [10412] Apache HTTP Server htpasswd temporary file race condition
10265| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
10266| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
10267| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
10268| [10280] Apache HTTP Server shared memory scorecard overwrite
10269| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
10270| [10241] Apache HTTP Server Host: header cross-site scripting
10271| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
10272| [10208] Apache HTTP Server mod_dav denial of service
10273| [10206] HP VVOS Apache mod_ssl denial of service
10274| [10200] Apache HTTP Server stderr denial of service
10275| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
10276| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
10277| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
10278| [10098] Slapper worm targets OpenSSL/Apache systems
10279| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
10280| [9875] Apache HTTP Server .var file request could disclose installation path
10281| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
10282| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
10283| [9623] Apache HTTP Server ap_log_rerror() path disclosure
10284| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
10285| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
10286| [9396] Apache Tomcat null character to threads denial of service
10287| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
10288| [9249] Apache HTTP Server chunked encoding heap buffer overflow
10289| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
10290| [8932] Apache Tomcat example class information disclosure
10291| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
10292| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
10293| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
10294| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
10295| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
10296| [8400] Apache HTTP Server mod_frontpage buffer overflows
10297| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
10298| [8308] Apache "
10299| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
10300| [8119] Apache and PHP OPTIONS request reveals "
10301| [8054] Apache is running on the system
10302| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
10303| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
10304| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
10305| [7836] Apache HTTP Server log directory denial of service
10306| [7815] Apache for Windows "
10307| [7810] Apache HTTP request could result in unexpected behavior
10308| [7599] Apache Tomcat reveals installation path
10309| [7494] Apache "
10310| [7419] Apache Web Server could allow remote attackers to overwrite .log files
10311| [7363] Apache Web Server hidden HTTP requests
10312| [7249] Apache mod_proxy denial of service
10313| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
10314| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
10315| [7059] Apache "
10316| [7057] Apache "
10317| [7056] Apache "
10318| [7055] Apache "
10319| [7054] Apache "
10320| [6997] Apache Jakarta Tomcat error message may reveal information
10321| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
10322| [6970] Apache crafted HTTP request could reveal the internal IP address
10323| [6921] Apache long slash path allows directory listing
10324| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
10325| [6527] Apache Web Server for Windows and OS2 denial of service
10326| [6316] Apache Jakarta Tomcat may reveal JSP source code
10327| [6305] Apache Jakarta Tomcat directory traversal
10328| [5926] Linux Apache symbolic link
10329| [5659] Apache Web server discloses files when used with php script
10330| [5310] Apache mod_rewrite allows attacker to view arbitrary files
10331| [5204] Apache WebDAV directory listings
10332| [5197] Apache Web server reveals CGI script source code
10333| [5160] Apache Jakarta Tomcat default installation
10334| [5099] Trustix Secure Linux installs Apache with world writable access
10335| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
10336| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
10337| [4931] Apache source.asp example file allows users to write to files
10338| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
10339| [4205] Apache Jakarta Tomcat delivers file contents
10340| [2084] Apache on Debian by default serves the /usr/doc directory
10341| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
10342| [697] Apache HTTP server beck exploit
10343| [331] Apache cookies buffer overflow
10344|
10345| Exploit-DB - https://www.exploit-db.com:
10346| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
10347| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
10348| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
10349| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
10350| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
10351| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
10352| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
10353| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
10354| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
10355| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10356| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
10357| [29859] Apache Roller OGNL Injection
10358| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
10359| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
10360| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
10361| [29290] Apache / PHP 5.x Remote Code Execution Exploit
10362| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
10363| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
10364| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
10365| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
10366| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
10367| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
10368| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
10369| [27096] Apache Geronimo 1.0 Error Page XSS
10370| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
10371| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
10372| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
10373| [25986] Plesk Apache Zeroday Remote Exploit
10374| [25980] Apache Struts includeParams Remote Code Execution
10375| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
10376| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
10377| [24874] Apache Struts ParametersInterceptor Remote Code Execution
10378| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
10379| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
10380| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
10381| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
10382| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
10383| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
10384| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
10385| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
10386| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
10387| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
10388| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
10389| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
10390| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
10391| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
10392| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
10393| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
10394| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
10395| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
10396| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
10397| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
10398| [21719] Apache 2.0 Path Disclosure Vulnerability
10399| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
10400| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
10401| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
10402| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
10403| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
10404| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
10405| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
10406| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
10407| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
10408| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
10409| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
10410| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
10411| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
10412| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
10413| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
10414| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
10415| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
10416| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
10417| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
10418| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
10419| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
10420| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
10421| [20558] Apache 1.2 Web Server DoS Vulnerability
10422| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
10927| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
10928| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
10929| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
10930| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
10931| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
10932| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
10933| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
10934| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
10935| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
10936| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
10937| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
10938| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
10939| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
10940| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
10941| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
10942| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
10943| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
10944| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
10945| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
10946| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
10947| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
10948| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
10949| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
10950| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
10951| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
10952| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
10953| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
10954| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
10955| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
10956| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
10957| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
10958| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
10959| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
10960| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
10961| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
10962| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
10963| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
10964| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
10965| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
10966| [1008920] Apache mod_digest May Validate Replayed Client Responses
10967| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
10968| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
10969| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
10970| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
10971| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
10972| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
10973| [1008030] Apache mod_rewrite Contains a Buffer Overflow
10974| [1008029] Apache mod_alias Contains a Buffer Overflow
10975| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
10976| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
10977| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
10978| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
10979| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
10980| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
10981| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
10982| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
10983| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
10984| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
10985| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
10986| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
10987| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
10988| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
10989| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
10990| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
10991| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
10992| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
10993| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
10994| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
10995| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
10996| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
10997| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
10998| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
10999| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
11000| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
11001| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
11002| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
11003| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
11004| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
11005| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
11006| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
11007| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
11008| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
11009| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
11010| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
11011| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
11012| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
11013| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11014| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11015| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
11016| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
11017| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
11018| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
11019| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
11020| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
11021| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
11022| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
11023| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
11024| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
11025| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
11026| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
11027| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
11028| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
11029| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
11030| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
11031|
11032| OSVDB - http://www.osvdb.org:
11033| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
11034| [96077] Apache CloudStack Global Settings Multiple Field XSS
11035| [96076] Apache CloudStack Instances Menu Display Name Field XSS
11036| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
11037| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
11038| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
11039| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
11040| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
11041| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
11042| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
11043| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
11044| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
11045| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11046| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
11047| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
11048| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
11049| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
11050| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11051| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
11052| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
11053| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
11054| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
11055| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
11056| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
11057| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
11058| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
11059| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
11060| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
11061| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
11062| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
11063| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
11064| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
11065| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
11066| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
11067| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
11068| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
11069| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
11070| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
11071| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
11072| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
11073| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
11074| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
11075| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
11076| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
11077| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
11078| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
11079| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
11080| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
11081| [94279] Apache Qpid CA Certificate Validation Bypass
11082| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
11083| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
11084| [94042] Apache Axis JAX-WS Java Unspecified Exposure
11085| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
11086| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
11087| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
11088| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
11089| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
11090| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
11091| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
11092| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
11093| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
11094| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
11095| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
11096| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
11097| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
11098| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
11099| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
11100| [93541] Apache Solr json.wrf Callback XSS
11101| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
11102| [93521] Apache jUDDI Security API Token Session Persistence Weakness
11103| [93520] Apache CloudStack Default SSL Key Weakness
11104| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
11105| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
11106| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
11107| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
11108| [93515] Apache HBase table.jsp name Parameter XSS
11109| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
11110| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
11111| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
11112| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
11113| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
11114| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
11115| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
11116| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
11117| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
11118| [93252] Apache Tomcat FORM Authenticator Session Fixation
11119| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11120| [93171] Apache Sling HtmlResponse Error Message XSS
11121| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11122| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
11123| [93168] Apache Click ErrorReport.java id Parameter XSS
11124| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
11125| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
11126| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
11127| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
11128| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
11129| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
11130| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
11131| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
11132| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
11133| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
11134| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
11135| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
11136| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
11137| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
11138| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
11139| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
11140| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
11141| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
11142| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
11143| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
11144| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
11145| [93144] Apache Solr Admin Command Execution CSRF
11146| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
11147| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
11148| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
11149| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
11150| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
11151| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
11152| [92748] Apache CloudStack VM Console Access Restriction Bypass
11153| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
11154| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
11155| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
11156| [92706] Apache ActiveMQ Debug Log Rendering XSS
11157| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
11158| [92270] Apache Tomcat Unspecified CSRF
11159| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
11160| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
11161| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
11162| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
11163| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
11164| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
11165| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
11166| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
11167| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
11168| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
11169| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
11170| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
11171| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
11172| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
11173| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
11174| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
11175| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
11176| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
11177| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
11178| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
11179| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
11180| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
11181| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
11182| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
11183| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
11184| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
11185| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
11186| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
11187| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
11188| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
11189| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
11190| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
11191| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
11192| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
11193| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
11194| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
11195| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
11196| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
11197| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
11198| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
11199| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
11200| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
11201| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
11202| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
11203| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
11204| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
11205| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
11206| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
11207| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
11208| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
11209| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
11210| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
11211| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
11212| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
11213| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
11214| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
11215| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
11216| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
11217| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
11218| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
11219| [86901] Apache Tomcat Error Message Path Disclosure
11220| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
11221| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
11222| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
11223| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
11224| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
11225| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
11226| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
11227| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
11228| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
11229| [85430] Apache mod_pagespeed Module Unspecified XSS
11230| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
11231| [85249] Apache Wicket Unspecified XSS
11232| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
11233| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
11234| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
11235| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
11236| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
11237| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
11238| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
11239| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
11240| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
11241| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
11242| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
11243| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
11244| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
11245| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
11246| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
11247| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
11248| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
11249| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
11250| [83339] Apache Roller Blogger Roll Unspecified XSS
11251| [83270] Apache Roller Unspecified Admin Action CSRF
11252| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
11253| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
11254| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
11255| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
11256| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
11257| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
11258| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
11259| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
11260| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
11261| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
11262| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
11263| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
11264| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
11265| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
11266| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
11267| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
11268| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
11269| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
11270| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
11271| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
11272| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
11273| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
11274| [80300] Apache Wicket wicket:pageMapName Parameter XSS
11275| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
11276| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
11277| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
11278| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
11279| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
11280| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
11281| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
11282| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
11283| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
11284| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
11285| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
11286| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
11287| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
11288| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
11289| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
11290| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
11291| [78331] Apache Tomcat Request Object Recycling Information Disclosure
11292| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
11293| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
11294| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
11295| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
11296| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
11297| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
11298| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
11299| [77593] Apache Struts Conversion Error OGNL Expression Injection
11300| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
11301| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
11302| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
11303| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
11304| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
11305| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
11306| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
11307| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
11308| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
11309| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
11310| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
11311| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
11312| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
11313| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
11314| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
11315| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
11316| [74725] Apache Wicket Multi Window Support Unspecified XSS
11317| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
11318| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
11319| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
11320| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
11321| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
11322| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
11323| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
11324| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
11325| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
11326| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
11327| [73644] Apache XML Security Signature Key Parsing Overflow DoS
11328| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
11329| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
11330| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
11331| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
11332| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
11333| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
11334| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
11335| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
11336| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
11337| [73154] Apache Archiva Multiple Unspecified CSRF
11338| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
11339| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
11340| [72238] Apache Struts Action / Method Names <
11341| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
11342| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
11343| [71557] Apache Tomcat HTML Manager Multiple XSS
11344| [71075] Apache Archiva User Management Page XSS
11345| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
11346| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
11347| [70924] Apache Continuum Multiple Admin Function CSRF
11348| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
11349| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
11350| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
11351| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
11352| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
11353| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
11354| [69520] Apache Archiva Administrator Credential Manipulation CSRF
11355| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
11356| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
11357| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
11358| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
11359| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
11360| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
11361| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
11362| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
11363| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
11364| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
11365| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
11366| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
11367| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
11368| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
11369| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
11370| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
11371| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
11372| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
11373| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
11374| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
11375| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
11376| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
11377| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
11378| [65054] Apache ActiveMQ Jetty Error Handler XSS
11379| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
11380| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
11381| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
11382| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
11383| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
11384| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
11385| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
11386| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
11387| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
11388| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
11389| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
11390| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
11391| [63895] Apache HTTP Server mod_headers Unspecified Issue
11392| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
11393| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
11394| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
11395| [63140] Apache Thrift Service Malformed Data Remote DoS
11396| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
11397| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
11398| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
11399| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
11400| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
11401| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
11402| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
11403| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
11404| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
11405| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
11406| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
11407| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
11408| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
11409| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
11410| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
11411| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
11412| [60678] Apache Roller Comment Email Notification Manipulation DoS
11413| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
11414| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
11415| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
11416| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
11417| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
11418| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
11419| [60232] PHP on Apache php.exe Direct Request Remote DoS
11420| [60176] Apache Tomcat Windows Installer Admin Default Password
11421| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
11422| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
11423| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
11424| [59944] Apache Hadoop jobhistory.jsp XSS
11425| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
11426| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
11427| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
11428| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
11429| [59019] Apache mod_python Cookie Salting Weakness
11430| [59018] Apache Harmony Error Message Handling Overflow
11431| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
11432| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
11433| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
11434| [59010] Apache Solr get-file.jsp XSS
11435| [59009] Apache Solr action.jsp XSS
11436| [59008] Apache Solr analysis.jsp XSS
11437| [59007] Apache Solr schema.jsp Multiple Parameter XSS
11438| [59006] Apache Beehive select / checkbox Tag XSS
11439| [59005] Apache Beehive jpfScopeID Global Parameter XSS
11440| [59004] Apache Beehive Error Message XSS
11441| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
11442| [59002] Apache Jetspeed default-page.psml URI XSS
11443| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
11444| [59000] Apache CXF Unsigned Message Policy Bypass
11445| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
11446| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
11447| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
11448| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
11449| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
11450| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
11451| [58993] Apache Hadoop browseBlock.jsp XSS
11452| [58991] Apache Hadoop browseDirectory.jsp XSS
11453| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
11454| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
11455| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
11456| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
11457| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
11458| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
11459| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
11460| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
11461| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
11462| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
11463| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
11464| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
11465| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
11466| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
11467| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
11468| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
11469| [58974] Apache Sling /apps Script User Session Management Access Weakness
11470| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
11471| [58931] Apache Geronimo Cookie Parameters Validation Weakness
11472| [58930] Apache Xalan-C++ XPath Handling Remote DoS
11473| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
11474| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
11475| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
11476| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
11477| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
11478| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
11479| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
11480| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
11481| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
11482| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
11483| [58805] Apache Derby Unauthenticated Database / Admin Access
11484| [58804] Apache Wicket Header Contribution Unspecified Issue
11485| [58803] Apache Wicket Session Fixation
11486| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
11487| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
11488| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
11489| [58799] Apache Tapestry Logging Cleartext Password Disclosure
11490| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
11491| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
11492| [58796] Apache Jetspeed Unsalted Password Storage Weakness
11493| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
11494| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
11495| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
11496| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
11497| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
11498| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
11499| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
11500| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
11501| [58775] Apache JSPWiki preview.jsp action Parameter XSS
11502| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
11503| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
11504| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
11505| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
11506| [58770] Apache JSPWiki Group.jsp group Parameter XSS
11507| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
11508| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
11509| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
11510| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
11511| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
11512| [58763] Apache JSPWiki Include Tag Multiple Script XSS
11513| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
11514| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
11515| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
11516| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
11517| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
11518| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
11519| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
11520| [58755] Apache Harmony DRLVM Non-public Class Member Access
11521| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
11522| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
11523| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
11524| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
11525| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
11526| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
11527| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
11528| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
11529| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
11530| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
11531| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
11532| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
11533| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
11534| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
11535| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
11536| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
11537| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
11538| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
11539| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
11540| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
11541| [58725] Apache Tapestry Basic String ACL Bypass Weakness
11542| [58724] Apache Roller Logout Functionality Failure Session Persistence
11543| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
11544| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
11545| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
11546| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
11547| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
11548| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
11549| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
11550| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
11551| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
11552| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
11553| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
11554| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
11555| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
11556| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
11557| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
11558| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
11559| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
11560| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
11561| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
11562| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
11563| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
11564| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
11565| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
11566| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
11567| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
11568| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
11569| [58687] Apache Axis Invalid wsdl Request XSS
11570| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
11571| [58685] Apache Velocity Template Designer Privileged Code Execution
11572| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
11573| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
11990Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
11991Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.32 - 3.1 (92%), Linux 3.10 (92%), Linux 3.11 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.5 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%)
11992No exact OS matches for host (test conditions non-ideal).
11993Uptime guess: 2.513 days (since Tue Dec 3 14:53:06 2019)
11994Network Distance: 17 hops
11995
11996TRACEROUTE (using port 443/tcp)
11997HOP RTT ADDRESS
119981 135.44 ms 10.216.200.1
119992 ...
120003 135.78 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
120014 135.56 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
120025 142.83 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
120036 160.67 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)
120047 160.73 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209)
120058 241.51 ms be12488.ccr42.lon13.atlas.cogentco.com (130.117.51.41)
120069 238.29 ms be2101.ccr32.bos01.atlas.cogentco.com (154.54.82.38)
1200710 245.13 ms be2807.ccr42.dca01.atlas.cogentco.com (154.54.40.110)
1200811 251.40 ms be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106)
1200912 271.54 ms be3482.ccr21.mia01.atlas.cogentco.com (154.54.24.146)
1201013 270.32 ms be3483.ccr22.mia01.atlas.cogentco.com (154.54.28.50)
1201114 266.15 ms be3401.ccr21.mia03.atlas.cogentco.com (154.54.47.30)
1201215 267.41 ms 38.104.94.210
1201316 ...
1201417 272.93 ms 74.206.167.239
12015
12016NSE: Script Post-scanning.
12017Initiating NSE at 03:11
12018Completed NSE at 03:11, 0.00s elapsed
12019Initiating NSE at 03:11
12020Completed NSE at 03:11, 0.00s elapsed
12021#################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 74.206.167.239

Testing SSL server 74.206.167.239 on port 443 using SNI name 74.206.167.239

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits SEED-SHA
Accepted TLSv1.2 128 bits IDEA-CBC-SHA
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits SEED-SHA
Accepted TLSv1.1 128 bits IDEA-CBC-SHA
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits CAMELLIA128-SHA
Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits SEED-SHA
Accepted TLSv1.0 128 bits IDEA-CBC-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: karupspc.com
Altnames: DNS:karupspc.com, DNS:mbtour.karupspc.com, DNS:www.karupspc.com, DNS:www3.karupspc.com
Issuer: Let's Encrypt Authority X3

Not valid before: Sep 25 01:35:57 2019 GMT
Not valid after: Dec 24 01:35:57 2019 GMT
#################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 03:21 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 03:21
Completed NSE at 03:21, 0.00s elapsed
Initiating NSE at 03:21
Completed NSE at 03:21, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 03:21
Completed Parallel DNS resolution of 1 host. at 03:21, 0.07s elapsed
Initiating SYN Stealth Scan at 03:21
Scanning 74.206.167.239 [65535 ports]
Discovered open port 443/tcp on 74.206.167.239
Discovered open port 80/tcp on 74.206.167.239
SYN Stealth Scan Timing: About 6.12% done; ETC: 03:29 (0:07:55 remaining)
SYN Stealth Scan Timing: About 21.15% done; ETC: 03:26 (0:03:47 remaining)
SYN Stealth Scan Timing: About 33.55% done; ETC: 03:25 (0:03:00 remaining)
SYN Stealth Scan Timing: About 49.98% done; ETC: 03:26 (0:02:43 remaining)
SYN Stealth Scan Timing: About 57.59% done; ETC: 03:26 (0:02:22 remaining)
SYN Stealth Scan Timing: About 39.41% done; ETC: 03:30 (0:05:43 remaining)
SYN Stealth Scan Timing: About 53.37% done; ETC: 03:32 (0:05:10 remaining)
SYN Stealth Scan Timing: About 60.05% done; ETC: 03:31 (0:04:16 remaining)
SYN Stealth Scan Timing: About 67.97% done; ETC: 03:31 (0:03:16 remaining)
SYN Stealth Scan Timing: About 76.38% done; ETC: 03:32 (0:02:45 remaining)
SYN Stealth Scan Timing: About 82.88% done; ETC: 03:33 (0:02:10 remaining)
SYN Stealth Scan Timing: About 88.24% done; ETC: 03:34 (0:01:32 remaining)
SYN Stealth Scan Timing: About 93.58% done; ETC: 03:34 (0:00:52 remaining)
Completed SYN Stealth Scan at 03:34, 796.27s elapsed (65535 total ports)
Initiating Service scan at 03:34
Scanning 2 services on 74.206.167.239
Completed Service scan at 03:34, 26.43s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 74.206.167.239
Retrying OS detection (try #2) against 74.206.167.239
Initiating Traceroute at 03:35
Completed Traceroute at 03:35, 3.01s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 03:35
Completed Parallel DNS resolution of 15 hosts. at 03:35, 0.29s elapsed
NSE: Script scanning 74.206.167.239.
Initiating NSE at 03:35
Completed NSE at 03:35, 4.06s elapsed
Initiating NSE at 03:35
Completed NSE at 03:35, 2.25s elapsed
Nmap scan report for 74.206.167.239
Host is up (0.24s latency).
Not shown: 65528 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Apache httpd
|_http-server-header: Apache
|_https-redirect: ERROR: Script execution failed (use -d to debug)
| vulscan: VulDB - https://vuldb.com:
12443| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
12444| [119306] Apache MXNet Network Interface privilege escalation
12445| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
12446| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
12447| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
12448| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
12810| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
12811| [94540] Apache Tika 1.9 tika-server File information disclosure
12812| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
12813| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
12814| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
12815| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
12816| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
12817| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
12818| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
12819| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
12820| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
12821| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
12822| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
12823| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
12824| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
12825| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
12826| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
12827| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
12828| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
12829| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
12830| [93532] Apache Commons Collections Library Java privilege escalation
12831| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
12832| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
12833| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
12834| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
12835| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
12836| [93098] Apache Commons FileUpload privilege escalation
12837| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
12838| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
12839| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
12840| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
12841| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
12842| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
12843| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
12844| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
12845| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
12846| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
12847| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
12848| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
12849| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
12850| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
12851| [92549] Apache Tomcat on Red Hat privilege escalation
12852| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
12853| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
12854| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
12855| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
12856| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
12857| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
12858| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
12859| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
12860| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
12861| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
12862| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
12863| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
12864| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
12865| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
12866| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
12867| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
12868| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
12869| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
12870| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
12871| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
12872| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
12873| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
12874| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
12875| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
12876| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
12877| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
12878| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
12879| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
12880| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
12881| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
12882| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
12883| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
12884| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
12885| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
12886| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
12887| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
12888| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
12889| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
12890| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
12891| [90263] Apache Archiva Header denial of service
12892| [90262] Apache Archiva Deserialize privilege escalation
12893| [90261] Apache Archiva XML DTD Connection privilege escalation
12894| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
12895| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
12896| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
12897| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
12898| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
12899| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
12900| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
12901| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
12902| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
12903| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
12904| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
12905| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
12906| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
12907| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
12908| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
12909| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
12910| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
12911| [87765] Apache James Server 2.3.2 Command privilege escalation
12912| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
12913| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
12914| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
12915| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
12916| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
12917| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
12918| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
12919| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
12920| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
12921| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
12922| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
12923| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
12924| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
12925| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
12926| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
12927| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
12928| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
12929| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
12930| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
12931| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
12932| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
12933| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
12934| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
12935| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
12936| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
12937| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
12938| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
12939| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
12940| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
12941| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
12942| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
12943| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
12944| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
12945| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
12946| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
12947| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
12948| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
12949| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
12950| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
12951| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
12952| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
12953| [82076] Apache Ranger up to 0.5.1 privilege escalation
12954| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
12955| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
12956| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
12957| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
12958| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
12959| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
12960| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
12961| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
12962| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
12963| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
12964| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
12965| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
12966| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
12967| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
12968| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
12969| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
12970| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
12971| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
12972| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
12973| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
12974| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
12975| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
12976| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
12977| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
12978| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
12979| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
12980| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
12981| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
12982| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
12983| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
12984| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
12985| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
12986| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
12987| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
12988| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
12989| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
12990| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
12991| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
12992| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
12993| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
12994| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
12995| [79791] Cisco Products Apache Commons Collections Library privilege escalation
12996| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
12997| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
12998| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
12999| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
13000| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
13001| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
13002| [78989] Apache Ambari up to 2.1.1 Open Redirect
13003| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
13004| [78987] Apache Ambari up to 2.0.x cross site scripting
13005| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
13006| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
13007| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
13008| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13009| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13010| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13011| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13012| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13013| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
13014| [77406] Apache Flex BlazeDS AMF Message XML External Entity
13015| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
13016| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
13017| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
13018| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
13019| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
13020| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
13021| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
13022| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
13023| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
13024| [76567] Apache Struts 2.3.20 unknown vulnerability
13025| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
13026| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
13027| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
13028| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
13029| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
13030| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
13031| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
13032| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
13033| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
13034| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
13035| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
13036| [74793] Apache Tomcat File Upload denial of service
13037| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
13038| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
13039| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
13040| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
13041| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
13042| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
13043| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
13044| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
13045| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
13046| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
13047| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
13048| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
13049| [74468] Apache Batik up to 1.6 denial of service
13050| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
13051| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
13052| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
13053| [74174] Apache WSS4J up to 2.0.0 privilege escalation
13054| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
13055| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
13056| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
13057| [73731] Apache XML Security unknown vulnerability
13058| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
13059| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
13060| [73593] Apache Traffic Server up to 5.1.0 denial of service
13061| [73511] Apache POI up to 3.10 Deadlock denial of service
13062| [73510] Apache Solr up to 4.3.0 cross site scripting
13063| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
13064| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
13065| [73173] Apache CloudStack Stack-Based unknown vulnerability
13066| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
13067| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
13068| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
13069| [72890] Apache Qpid 0.30 unknown vulnerability
13070| [72887] Apache Hive 0.13.0 File Permission privilege escalation
13071| [72878] Apache Cordova 3.5.0 cross site request forgery
13072| [72877] Apache Cordova 3.5.0 cross site request forgery
13073| [72876] Apache Cordova 3.5.0 cross site request forgery
13074| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
13075| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
13076| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
13077| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
13078| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13079| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13080| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
13081| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
13082| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
13083| [71629] Apache Axis2/C spoofing
13084| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
13085| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
13086| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
13087| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
13088| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
13089| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
13090| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
13091| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
13092| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
13093| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
13094| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
13095| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
13096| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
13097| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
13098| [70809] Apache POI up to 3.11 Crash denial of service
13099| [70808] Apache POI up to 3.10 unknown vulnerability
13100| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
13101| [70749] Apache Axis up to 1.4 getCN spoofing
13102| [70701] Apache Traffic Server up to 3.3.5 denial of service
13103| [70700] Apache OFBiz up to 12.04.03 cross site scripting
13104| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
13105| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
13106| [70661] Apache Subversion up to 1.6.17 denial of service
13107| [70660] Apache Subversion up to 1.6.17 spoofing
13108| [70659] Apache Subversion up to 1.6.17 spoofing
13109| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
13110| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
13111| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
13112| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
13113| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
13114| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
13115| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
13116| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
13117| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
13118| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
13119| [69846] Apache HBase up to 0.94.8 information disclosure
13120| [69783] Apache CouchDB up to 1.2.0 memory corruption
13121| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
13122| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
13123| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
13124| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
13125| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
13126| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
13127| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
13128| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
13129| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
13130| [69431] Apache Archiva up to 1.3.6 cross site scripting
13131| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
13132| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
13133| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
13134| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
13135| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
13136| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
13137| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
13138| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
13139| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
13140| [66739] Apache Camel up to 2.12.2 unknown vulnerability
13141| [66738] Apache Camel up to 2.12.2 unknown vulnerability
13142| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
13143| [66695] Apache CouchDB up to 1.2.0 cross site scripting
13144| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
13145| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
13146| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
13147| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
13148| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
13149| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
13150| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
13151| [66356] Apache Wicket up to 6.8.0 information disclosure
13152| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
13153| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
13154| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
13155| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
13156| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
13157| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
13158| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
13159| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
13160| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
13161| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
13162| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
13163| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
13164| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
13165| [65668] Apache Solr 4.0.0 Updater denial of service
13166| [65665] Apache Solr up to 4.3.0 denial of service
13167| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
13168| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
13169| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
13170| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
13171| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
13172| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
13173| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
13174| [65410] Apache Struts 2.3.15.3 cross site scripting
13175| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
13176| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
13177| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
13178| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
13179| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
13180| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
13181| [65340] Apache Shindig 2.5.0 information disclosure
13182| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
13183| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
13184| [10826] Apache Struts 2 File privilege escalation
13185| [65204] Apache Camel up to 2.10.1 unknown vulnerability
13186| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
13187| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
13188| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
13189| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
13190| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
13191| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
13192| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
13193| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
13194| [64722] Apache XML Security for C++ Heap-based memory corruption
13195| [64719] Apache XML Security for C++ Heap-based memory corruption
13196| [64718] Apache XML Security for C++ verify denial of service
13197| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
13198| [64716] Apache XML Security for C++ spoofing
13199| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
13200| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
13201| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
13202| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
13203| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
13204| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
13205| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
13206| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
13207| [64485] Apache Struts up to 2.2.3.0 privilege escalation
13208| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
13209| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
13210| [64467] Apache Geronimo 3.0 memory corruption
13211| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
13212| [64457] Apache Struts up to 2.2.3.0 cross site scripting
13213| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
13214| [9184] Apache Qpid up to 0.20 SSL misconfiguration
13215| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
13216| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
13217| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
13218| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
13219| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
13220| [8873] Apache Struts 2.3.14 privilege escalation
13221| [8872] Apache Struts 2.3.14 privilege escalation
13222| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
13223| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
13224| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
13225| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
13226| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
13227| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
13228| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
13229| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
13230| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
13231| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
13232| [64006] Apache ActiveMQ up to 5.7.0 denial of service
13233| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
13234| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
13235| [8427] Apache Tomcat Session Transaction weak authentication
13236| [63960] Apache Maven 3.0.4 Default Configuration spoofing
13237| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
13238| [63750] Apache qpid up to 0.20 checkAvailable denial of service
13239| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
13240| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
13241| [63747] Apache Rave up to 0.20 User Account information disclosure
13242| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
13243| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
13244| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
13245| [7687] Apache CXF up to 2.7.2 Token weak authentication
13246| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
13247| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
13248| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
13249| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
13250| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
13251| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
13252| [63090] Apache Tomcat up to 4.1.24 denial of service
13253| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
13254| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
13255| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
13256| [62833] Apache CXF -/2.6.0 spoofing
13257| [62832] Apache Axis2 up to 1.6.2 spoofing
13258| [62831] Apache Axis up to 1.4 Java Message Service spoofing
13259| [62830] Apache Commons-httpclient 3.0 Payments spoofing
13260| [62826] Apache Libcloud up to 0.11.0 spoofing
13261| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
13262| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
13263| [62661] Apache Axis2 unknown vulnerability
13264| [62658] Apache Axis2 unknown vulnerability
13265| [62467] Apache Qpid up to 0.17 denial of service
13266| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
13267| [6301] Apache HTTP Server mod_pagespeed cross site scripting
13268| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
13269| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
13270| [62035] Apache Struts up to 2.3.4 denial of service
13271| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
13272| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
13273| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
13274| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
13275| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
13276| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
13277| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
13278| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
13279| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
13280| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
13281| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
13282| [61229] Apache Sling up to 2.1.1 denial of service
13283| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
13284| [61094] Apache Roller up to 5.0 cross site scripting
13285| [61093] Apache Roller up to 5.0 cross site request forgery
13286| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
13287| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
13288| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
13289| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
13290| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
13291| [60708] Apache Qpid 0.12 unknown vulnerability
13292| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
13293| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
13294| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
13295| [4882] Apache Wicket up to 1.5.4 directory traversal
13296| [4881] Apache Wicket up to 1.4.19 cross site scripting
13297| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
13298| [60352] Apache Struts up to 2.2.3 memory corruption
13299| [60153] Apache Portable Runtime up to 1.4.3 denial of service
13300| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
13301| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
13302| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
13303| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
13304| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
13305| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
13306| [4571] Apache Struts up to 2.3.1.2 privilege escalation
13307| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
13308| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
13309| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
13310| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
13311| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
13312| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
13313| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
13314| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
13315| [59888] Apache Tomcat up to 6.0.6 denial of service
13316| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
13317| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
13318| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
13319| [59850] Apache Geronimo up to 2.2.1 denial of service
13320| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
13321| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
13322| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
13323| [58413] Apache Tomcat up to 6.0.10 spoofing
13324| [58381] Apache Wicket up to 1.4.17 cross site scripting
13325| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
13326| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
13327| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
13328| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
13329| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
13330| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
13331| [57568] Apache Archiva up to 1.3.4 cross site scripting
13332| [57567] Apache Archiva up to 1.3.4 cross site request forgery
13333| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
13334| [4355] Apache HTTP Server APR apr_fnmatch denial of service
13335| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
13336| [57425] Apache Struts up to 2.2.1.1 cross site scripting
13337| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
13338| [57025] Apache Tomcat up to 7.0.11 information disclosure
13339| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
13340| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
13341| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
13342| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
13343| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
13344| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
13345| [56512] Apache Continuum up to 1.4.0 cross site scripting
13346| [4285] Apache Tomcat 5.x JVM getLocale denial of service
13347| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
13348| [4283] Apache Tomcat 5.x ServletContect privilege escalation
13349| [56441] Apache Tomcat up to 7.0.6 denial of service
13350| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
13351| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
13352| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
13353| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
13354| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
13355| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
13356| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
13357| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
13358| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
13359| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
13360| [54693] Apache Traffic Server DNS Cache unknown vulnerability
13361| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
13362| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
13363| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
13364| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
13365| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
13366| [54012] Apache Tomcat up to 6.0.10 denial of service
13367| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
13368| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
13369| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
13370| [52894] Apache Tomcat up to 6.0.7 information disclosure
13371| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
13372| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
13373| [52786] Apache Open For Business Project up to 09.04 cross site scripting
13374| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
13375| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
13376| [52584] Apache CouchDB up to 0.10.1 information disclosure
13377| [51757] Apache HTTP Server 2.0.44 cross site scripting
13378| [51756] Apache HTTP Server 2.0.44 spoofing
13379| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
13380| [51690] Apache Tomcat up to 6.0 directory traversal
13381| [51689] Apache Tomcat up to 6.0 information disclosure
13382| [51688] Apache Tomcat up to 6.0 directory traversal
13383| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
13384| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
13385| [50626] Apache Solr 1.0.0 cross site scripting
13386| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
13387| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
13388| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
13389| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
13390| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
13391| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
13392| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
13393| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
13394| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
13395| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
13396| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
13397| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
13398| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
13399| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
13400| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
13401| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
13402| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
13403| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
13404| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
13405| [47214] Apachefriends xampp 1.6.8 spoofing
13406| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
13407| [47162] Apachefriends XAMPP 1.4.4 weak authentication
13408| [47065] Apache Tomcat 4.1.23 cross site scripting
13409| [46834] Apache Tomcat up to 5.5.20 cross site scripting
13410| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
13411| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
13412| [86625] Apache Struts directory traversal
13413| [44461] Apache Tomcat up to 5.5.0 information disclosure
13414| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
13415| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
13416| [43663] Apache Tomcat up to 6.0.16 directory traversal
13417| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
13418| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
13419| [43516] Apache Tomcat up to 4.1.20 directory traversal
13420| [43509] Apache Tomcat up to 6.0.13 cross site scripting
13421| [42637] Apache Tomcat up to 6.0.16 cross site scripting
13422| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
13423| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
13424| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
13425| [40924] Apache Tomcat up to 6.0.15 information disclosure
13426| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
13427| [40922] Apache Tomcat up to 6.0 information disclosure
13428| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
13429| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
13430| [40656] Apache Tomcat 5.5.20 information disclosure
13431| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
13432| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
13433| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
13434| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
13435| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
13436| [40234] Apache Tomcat up to 6.0.15 directory traversal
13437| [40221] Apache HTTP Server 2.2.6 information disclosure
13438| [40027] David Castro Apache Authcas 0.4 sql injection
13439| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
13440| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
13441| [3414] Apache Tomcat WebDAV Stored privilege escalation
13442| [39489] Apache Jakarta Slide up to 2.1 directory traversal
13443| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
13444| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
13445| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
13446| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
13447| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
13448| [38524] Apache Geronimo 2.0 unknown vulnerability
13449| [3256] Apache Tomcat up to 6.0.13 cross site scripting
13450| [38331] Apache Tomcat 4.1.24 information disclosure
13451| [38330] Apache Tomcat 4.1.24 information disclosure
13452| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
13453| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
13454| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
13455| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
13456| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
13457| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
13458| [37292] Apache Tomcat up to 5.5.1 cross site scripting
13459| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
13460| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
13461| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
13462| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
13463| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
13464| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
13465| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
13466| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
13467| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
13468| [36225] XAMPP Apache Distribution 1.6.0a sql injection
13469| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
13470| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
13471| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
13472| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
13473| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
13474| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
13475| [34252] Apache HTTP Server denial of service
13476| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
13477| [33877] Apache Opentaps 0.9.3 cross site scripting
13478| [33876] Apache Open For Business Project unknown vulnerability
13479| [33875] Apache Open For Business Project cross site scripting
13480| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
13481| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
13482|
13483| MITRE CVE - https://cve.mitre.org:
13484| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
13485| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
13486| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
13487| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
13488| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
13489| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
13490| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
13491| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
13492| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
13493| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
13494| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
13495| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
13496| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
13497| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
13498| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
13499| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
13500| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
13501| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
13502| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
13618| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
13619| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
13620| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
13621| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
13622| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
13623| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
13624| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
13625| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
13626| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
13627| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
13628| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
13629| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
13630| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
13631| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
13632| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
13633| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
13634| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
13635| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
13636| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
13637| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
13638| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
13639| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
13640| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
13641| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
13642| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
13643| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
13644| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
13645| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
13646| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
13647| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13648| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
13649| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
13650| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
13651| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
13652| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
13653| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
13654| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
13655| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
13656| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
13657| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
13658| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
13659| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
13660| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
13661| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
13662| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
13663| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13664| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
13665| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
13666| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
13667| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
13668| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
13669| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
13670| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
13671| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
13672| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
13673| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
13674| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
13675| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
13676| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
13677| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
13678| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
13679| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
13680| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
13681| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
13682| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
13683| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
13684| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
13685| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
13686| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
13687| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
13688| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
13689| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
13690| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
13691| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
13692| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
13693| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
13694| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
13695| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
13696| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
13697| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
13802| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
13803| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13804| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
13805| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
13806| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
13807| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
13808| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
13809| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
13810| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
13811| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
13812| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
13813| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
13814| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
13815| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
13816| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
13817| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
13818| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
13819| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
13820| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
13821| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
13822| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
13823| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
13824| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
13825| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
13826| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
13827| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
13828| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
13829| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
13830| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
13831| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
13832| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
13833| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
13834| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
13835| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
13836| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13837| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
13838| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
13839| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
13840| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
13841| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
13842| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
13843| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
13844| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
13845| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
13846| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
13847| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
13848| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
13849| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
13850| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13851| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
13852| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
13853| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
13854| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
13855| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
13856| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
13857| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
13858| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
13859| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13860| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
13861| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
13862| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
13863| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
13864| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
13865| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13866| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
13867| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13868| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
13869| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
13870| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13871| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
13872| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
13873| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
13874| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
13875| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
13876| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
13877| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
13878| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
13879| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13880| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
13881| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
13882| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
13883| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
13884| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
13885| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
13886| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
13887| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
13888| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
13889| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
13890| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
13891| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
13892| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
13893| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
13894| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
13895| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
13896| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
13897| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
13898| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
13899| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
13900| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
13901| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
13902| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
13903| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
13904| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
13905| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
13906| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
13907| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
13908| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
13909| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
13910| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
13911| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
13912| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
13913| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
13914| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
13915| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
13916| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
13917| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
13918| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
13919| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
13920| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
13921| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
13922| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
13923| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
13924| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
13925| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
13926| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
13927| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
13928| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
13929| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
13930| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
13931| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
13932| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
13933| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
13934| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
13935| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
13936| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
13937| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
13938| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
13939| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
13940| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
13941| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
13942| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
13943| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
13944| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
13945| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
13946| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
13947| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
13948| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
13949| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
13950| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
13951| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
13952| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
13953| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
13954| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
13955| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
13956| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
13957| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
13958| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
13959| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
13960| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
13961| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
13962| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
13963| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
13964| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
13965| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
13966| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
13967| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
13968| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
13969| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
13970| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
13971| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
13972| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
13973| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
13974| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
13975| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
13976| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
13977| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
13978| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
13979| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
13980| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
13981| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
13982| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
13983| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
13984| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
13985| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
13986| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
13987| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
13988| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
13989| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
13990| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
13991| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
13992| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
13993| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
13994| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
13995| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
13996| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
13997| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
13998| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
13999| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
14000| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
14001| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
14002| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
14003| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
14004| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
14005| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
14006| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
14007| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
14008| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
14009| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
14010| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
14011| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
14012| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
14013| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
14014| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
14015| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
14016| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
14017| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
14018| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14019| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
14020| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
14021| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
14022| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
14023| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
14024| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
14025| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
14026| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
14027| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
14028| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
14029| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
14030| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
14031| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
14032| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
14033| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
14034| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
14035| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
14036| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
14037| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
14038| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
14039| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
14040| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
14041| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
14042| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
14043| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
14044| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
14045| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
14046| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
14047| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
14048| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
14049| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
14050| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
14051| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
14052| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
14053| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
14054| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
14055| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
14056| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
14057| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
14058| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
14059| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
14060| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
14061| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
14062| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
14063| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
14064| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
14065| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
14066| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
14067| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
14068| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
14069| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
14070| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
14071| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
14072| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
14073| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
14074| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
14075| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
14076| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
14077| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
14078| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
14079| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
14080| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
14081| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
14082| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
14083| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
14084| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
14085| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
14086| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
14087| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
14088| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
14089| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
14090| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
14091| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
14092| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
14093|
14094| SecurityFocus - https://www.securityfocus.com/bid/:
14095| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
14096| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
14097| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
14098| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
14099| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
14100| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
14101| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
14102| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
14103| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
14104| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
14105| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
14106| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
14107| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
14108| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
14109| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
14110| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
14111| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
14112| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
14113| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
14114| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
14115| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
14116| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
14117| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
14118| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
14119| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
14120| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
14121| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
14122| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
14123| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
14124| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
14125| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
14126| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
14127| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
14128| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
14129| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
14130| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
14131| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
14132| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
14133| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
14134| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
14135| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
14136| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
14137| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
14138| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
14139| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
14140| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
14141| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
14142| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
14143| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
14144| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
14145| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
14146| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
14147| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
14148| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
14149| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
14150| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
14151| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
14152| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
14153| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
14154| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
14155| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
14156| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
14157| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
14158| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
14159| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
14160| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
14161| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
14162| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
14163| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
14164| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
14165| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
14166| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
14167| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
14168| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
14169| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
14170| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
14171| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
14172| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
14173| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
14174| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
14175| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
14176| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
14608| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
14609| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
14610| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
14611| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
14612| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
14963| [9599] Apache mod_php Global Variables Information Disclosure Weakness
14964| [9590] Apache-SSL Client Certificate Forging Vulnerability
14965| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
14966| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
14967| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
14968| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
14969| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
14970| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
14971| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
14972| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
14973| [8898] Red Hat Apache Directory Index Default Configuration Error
14974| [8883] Apache Cocoon Directory Traversal Vulnerability
14975| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
14976| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
14977| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
14978| [8707] Apache htpasswd Password Entropy Weakness
14979| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
14980| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
14981| [8226] Apache HTTP Server Multiple Vulnerabilities
14982| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
14983| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
14984| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
14985| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
14986| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
14987| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
14988| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
14989| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
14990| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
14991| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
14992| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
14993| [7255] Apache Web Server File Descriptor Leakage Vulnerability
14994| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
14995| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
14996| [6939] Apache Web Server ETag Header Information Disclosure Weakness
14997| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
14998| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
14999| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
15000| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
15001| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
15002| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
15003| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
15004| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
15005| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
15006| [6117] Apache mod_php File Descriptor Leakage Vulnerability
15007| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
15008| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
15009| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
15010| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
15011| [5992] Apache HTDigest Insecure Temporary File Vulnerability
15012| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
15013| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
15014| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
15015| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
15016| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
15017| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
15018| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
15019| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
15020| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
15021| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
15022| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
15023| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
15024| [5485] Apache 2.0 Path Disclosure Vulnerability
15025| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
15026| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
15027| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
15028| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
15029| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
15030| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
15031| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
15032| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
15033| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
15034| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
15035| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
15036| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
15037| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
15038| [4437] Apache Error Message Cross-Site Scripting Vulnerability
15039| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
15040| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
15041| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
15042| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
15043| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
15044| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
15045| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
15046| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
15047| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
15048| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
15049| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
15050| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
15051| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
15052| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
15053| [3596] Apache Split-Logfile File Append Vulnerability
15054| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
15055| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
15056| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
15057| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
15058| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
15059| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
15060| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
15061| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
15062| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
15063| [3169] Apache Server Address Disclosure Vulnerability
15064| [3009] Apache Possible Directory Index Disclosure Vulnerability
15065| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
15066| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
15067| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
15068| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
15069| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
15070| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
15071| [2216] Apache Web Server DoS Vulnerability
15072| [2182] Apache /tmp File Race Vulnerability
15073| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
15074| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
15075| [1821] Apache mod_cookies Buffer Overflow Vulnerability
15076| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
15077| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
15078| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
15079| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
15080| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
15081| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
15082| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
15083| [1457] Apache::ASP source.asp Example Script Vulnerability
15084| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
15085| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
15086|
15087| IBM X-Force - https://exchange.xforce.ibmcloud.com:
15088| [86258] Apache CloudStack text fields cross-site scripting
15089| [85983] Apache Subversion mod_dav_svn module denial of service
15090| [85875] Apache OFBiz UEL code execution
15091| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
15092| [85871] Apache HTTP Server mod_session_dbd unspecified
15093| [85756] Apache Struts OGNL expression command execution
15094| [85755] Apache Struts DefaultActionMapper class open redirect
15095| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
15096| [85574] Apache HTTP Server mod_dav denial of service
15097| [85573] Apache Struts Showcase App OGNL code execution
15098| [85496] Apache CXF denial of service
15099| [85423] Apache Geronimo RMI classloader code execution
15100| [85326] Apache Santuario XML Security for C++ buffer overflow
15101| [85323] Apache Santuario XML Security for Java spoofing
15102| [85319] Apache Qpid Python client SSL spoofing
15103| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
15104| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
15105| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
15106| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
15107| [84952] Apache Tomcat CVE-2012-3544 denial of service
15108| [84763] Apache Struts CVE-2013-2135 security bypass
15109| [84762] Apache Struts CVE-2013-2134 security bypass
15110| [84719] Apache Subversion CVE-2013-2088 command execution
15111| [84718] Apache Subversion CVE-2013-2112 denial of service
15112| [84717] Apache Subversion CVE-2013-1968 denial of service
15113| [84577] Apache Tomcat security bypass
15114| [84576] Apache Tomcat symlink
15115| [84543] Apache Struts CVE-2013-2115 security bypass
15116| [84542] Apache Struts CVE-2013-1966 security bypass
15117| [84154] Apache Tomcat session hijacking
15118| [84144] Apache Tomcat denial of service
15119| [84143] Apache Tomcat information disclosure
15120| [84111] Apache HTTP Server command execution
15121| [84043] Apache Virtual Computing Lab cross-site scripting
15122| [84042] Apache Virtual Computing Lab cross-site scripting
15123| [83782] Apache CloudStack information disclosure
15124| [83781] Apache CloudStack security bypass
15125| [83720] Apache ActiveMQ cross-site scripting
15126| [83719] Apache ActiveMQ denial of service
15127| [83718] Apache ActiveMQ denial of service
15128| [83263] Apache Subversion denial of service
15129| [83262] Apache Subversion denial of service
15130| [83261] Apache Subversion denial of service
15131| [83259] Apache Subversion denial of service
15132| [83035] Apache mod_ruid2 security bypass
15133| [82852] Apache Qpid federation_tag security bypass
15134| [82851] Apache Qpid qpid::framing::Buffer denial of service
15135| [82758] Apache Rave User RPC API information disclosure
15136| [82663] Apache Subversion svn_fs_file_length() denial of service
15137| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
15138| [82641] Apache Qpid AMQP denial of service
15139| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
15140| [82618] Apache Commons FileUpload symlink
15141| [82360] Apache HTTP Server manager interface cross-site scripting
15142| [82359] Apache HTTP Server hostnames cross-site scripting
15143| [82338] Apache Tomcat log/logdir information disclosure
15144| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
15145| [82268] Apache OpenJPA deserialization command execution
15146| [81981] Apache CXF UsernameTokens security bypass
15147| [81980] Apache CXF WS-Security security bypass
15148| [81398] Apache OFBiz cross-site scripting
15149| [81240] Apache CouchDB directory traversal
15150| [81226] Apache CouchDB JSONP code execution
15151| [81225] Apache CouchDB Futon user interface cross-site scripting
15152| [81211] Apache Axis2/C SSL spoofing
15153| [81167] Apache CloudStack DeployVM information disclosure
15154| [81166] Apache CloudStack AddHost API information disclosure
15155| [81165] Apache CloudStack createSSHKeyPair API information disclosure
15156| [80518] Apache Tomcat cross-site request forgery security bypass
15157| [80517] Apache Tomcat FormAuthenticator security bypass
15158| [80516] Apache Tomcat NIO denial of service
15159| [80408] Apache Tomcat replay-countermeasure security bypass
15160| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
15161| [80317] Apache Tomcat slowloris denial of service
15162| [79984] Apache Commons HttpClient SSL spoofing
15163| [79983] Apache CXF SSL spoofing
15164| [79830] Apache Axis2/Java SSL spoofing
15165| [79829] Apache Axis SSL spoofing
15166| [79809] Apache Tomcat DIGEST security bypass
15167| [79806] Apache Tomcat parseHeaders() denial of service
15168| [79540] Apache OFBiz unspecified
15169| [79487] Apache Axis2 SAML security bypass
15170| [79212] Apache Cloudstack code execution
15171| [78734] Apache CXF SOAP Action security bypass
15172| [78730] Apache Qpid broker denial of service
15173| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
15174| [78563] Apache mod_pagespeed module unspecified cross-site scripting
15175| [78562] Apache mod_pagespeed module security bypass
15176| [78454] Apache Axis2 security bypass
15177| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
15178| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
15179| [78321] Apache Wicket unspecified cross-site scripting
15180| [78183] Apache Struts parameters denial of service
15181| [78182] Apache Struts cross-site request forgery
15182| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
15183| [77987] mod_rpaf module for Apache denial of service
15184| [77958] Apache Struts skill name code execution
15185| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
15186| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
15187| [77568] Apache Qpid broker security bypass
15188| [77421] Apache Libcloud spoofing
15189| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
15190| [77046] Oracle Solaris Apache HTTP Server information disclosure
15191| [76837] Apache Hadoop information disclosure
15192| [76802] Apache Sling CopyFrom denial of service
15193| [76692] Apache Hadoop symlink
15194| [76535] Apache Roller console cross-site request forgery
15195| [76534] Apache Roller weblog cross-site scripting
15196| [76152] Apache CXF elements security bypass
15197| [76151] Apache CXF child policies security bypass
15198| [75983] MapServer for Windows Apache file include
15199| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
15200| [75558] Apache POI denial of service
15201| [75545] PHP apache_request_headers() buffer overflow
15202| [75302] Apache Qpid SASL security bypass
15203| [75211] Debian GNU/Linux apache 2 cross-site scripting
15204| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
15205| [74871] Apache OFBiz FlexibleStringExpander code execution
15206| [74870] Apache OFBiz multiple cross-site scripting
15207| [74750] Apache Hadoop unspecified spoofing
15208| [74319] Apache Struts XSLTResult.java file upload
15209| [74313] Apache Traffic Server header buffer overflow
15210| [74276] Apache Wicket directory traversal
15211| [74273] Apache Wicket unspecified cross-site scripting
15212| [74181] Apache HTTP Server mod_fcgid module denial of service
15213| [73690] Apache Struts OGNL code execution
15214| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
15215| [73100] Apache MyFaces in directory traversal
15216| [73096] Apache APR hash denial of service
15217| [73052] Apache Struts name cross-site scripting
15218| [73030] Apache CXF UsernameToken security bypass
15219| [72888] Apache Struts lastName cross-site scripting
15220| [72758] Apache HTTP Server httpOnly information disclosure
15221| [72757] Apache HTTP Server MPM denial of service
15222| [72585] Apache Struts ParameterInterceptor security bypass
15223| [72438] Apache Tomcat Digest security bypass
15224| [72437] Apache Tomcat Digest security bypass
15225| [72436] Apache Tomcat DIGEST security bypass
15226| [72425] Apache Tomcat parameter denial of service
15227| [72422] Apache Tomcat request object information disclosure
15228| [72377] Apache HTTP Server scoreboard security bypass
15229| [72345] Apache HTTP Server HTTP request denial of service
15230| [72229] Apache Struts ExceptionDelegator command execution
15231| [72089] Apache Struts ParameterInterceptor directory traversal
15232| [72088] Apache Struts CookieInterceptor command execution
15233| [72047] Apache Geronimo hash denial of service
15234| [72016] Apache Tomcat hash denial of service
15235| [71711] Apache Struts OGNL expression code execution
15236| [71654] Apache Struts interfaces security bypass
15237| [71620] Apache ActiveMQ failover denial of service
15238| [71617] Apache HTTP Server mod_proxy module information disclosure
15239| [71508] Apache MyFaces EL security bypass
15240| [71445] Apache HTTP Server mod_proxy security bypass
15241| [71203] Apache Tomcat servlets privilege escalation
15242| [71181] Apache HTTP Server ap_pregsub() denial of service
15243| [71093] Apache HTTP Server ap_pregsub() buffer overflow
15244| [70336] Apache HTTP Server mod_proxy information disclosure
15245| [69804] Apache HTTP Server mod_proxy_ajp denial of service
15246| [69472] Apache Tomcat AJP security bypass
15247| [69396] Apache HTTP Server ByteRange filter denial of service
15248| [69394] Apache Wicket multi window support cross-site scripting
15249| [69176] Apache Tomcat XML information disclosure
15250| [69161] Apache Tomcat jsvc information disclosure
15251| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
15252| [68541] Apache Tomcat sendfile information disclosure
15253| [68420] Apache XML Security denial of service
15254| [68238] Apache Tomcat JMX information disclosure
15255| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
15256| [67804] Apache Subversion control rules information disclosure
15257| [67803] Apache Subversion control rules denial of service
15258| [67802] Apache Subversion baselined denial of service
15259| [67672] Apache Archiva multiple cross-site scripting
15260| [67671] Apache Archiva multiple cross-site request forgery
15261| [67564] Apache APR apr_fnmatch() denial of service
15262| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
15263| [67515] Apache Tomcat annotations security bypass
15264| [67480] Apache Struts s:submit information disclosure
15265| [67414] Apache APR apr_fnmatch() denial of service
15266| [67356] Apache Struts javatemplates cross-site scripting
15267| [67354] Apache Struts Xwork cross-site scripting
15268| [66676] Apache Tomcat HTTP BIO information disclosure
15269| [66675] Apache Tomcat web.xml security bypass
15270| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
15271| [66241] Apache HttpComponents information disclosure
15272| [66154] Apache Tomcat ServletSecurity security bypass
15273| [65971] Apache Tomcat ServletSecurity security bypass
15274| [65876] Apache Subversion mod_dav_svn denial of service
15275| [65343] Apache Continuum unspecified cross-site scripting
15276| [65162] Apache Tomcat NIO connector denial of service
15277| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
15278| [65160] Apache Tomcat HTML Manager interface cross-site scripting
15279| [65159] Apache Tomcat ServletContect security bypass
15280| [65050] Apache CouchDB web-based administration UI cross-site scripting
15281| [64773] Oracle HTTP Server Apache Plugin unauthorized access
15282| [64473] Apache Subversion blame -g denial of service
15283| [64472] Apache Subversion walk() denial of service
15284| [64407] Apache Axis2 CVE-2010-0219 code execution
15285| [63926] Apache Archiva password privilege escalation
15286| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
15287| [63493] Apache Archiva credentials cross-site request forgery
15288| [63477] Apache Tomcat HttpOnly session hijacking
15289| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
15290| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
15291| [62959] Apache Shiro filters security bypass
15292| [62790] Apache Perl cgi module denial of service
15293| [62576] Apache Qpid exchange denial of service
15294| [62575] Apache Qpid AMQP denial of service
15295| [62354] Apache Qpid SSL denial of service
15296| [62235] Apache APR-util apr_brigade_split_line() denial of service
15297| [62181] Apache XML-RPC SAX Parser information disclosure
15298| [61721] Apache Traffic Server cache poisoning
15299| [61202] Apache Derby BUILTIN authentication functionality information disclosure
15300| [61186] Apache CouchDB Futon cross-site request forgery
15301| [61169] Apache CXF DTD denial of service
15302| [61070] Apache Jackrabbit search.jsp SQL injection
15303| [61006] Apache SLMS Quoting cross-site request forgery
15304| [60962] Apache Tomcat time cross-site scripting
15305| [60883] Apache mod_proxy_http information disclosure
15306| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
15307| [60264] Apache Tomcat Transfer-Encoding denial of service
15308| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
15309| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
15310| [59413] Apache mod_proxy_http timeout information disclosure
15311| [59058] Apache MyFaces unencrypted view state cross-site scripting
15312| [58827] Apache Axis2 xsd file include
15313| [58790] Apache Axis2 modules cross-site scripting
15314| [58299] Apache ActiveMQ queueBrowse cross-site scripting
15315| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
15316| [58056] Apache ActiveMQ .jsp source code disclosure
15317| [58055] Apache Tomcat realm name information disclosure
15318| [58046] Apache HTTP Server mod_auth_shadow security bypass
15319| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
15320| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
15321| [57429] Apache CouchDB algorithms information disclosure
15322| [57398] Apache ActiveMQ Web console cross-site request forgery
15323| [57397] Apache ActiveMQ createDestination.action cross-site scripting
15324| [56653] Apache HTTP Server DNS spoofing
15325| [56652] Apache HTTP Server DNS cross-site scripting
15326| [56625] Apache HTTP Server request header information disclosure
15327| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
15328| [56623] Apache HTTP Server mod_proxy_ajp denial of service
15329| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
15330| [55857] Apache Tomcat WAR files directory traversal
15331| [55856] Apache Tomcat autoDeploy attribute security bypass
15332| [55855] Apache Tomcat WAR directory traversal
15333| [55210] Intuit component for Joomla! Apache information disclosure
15334| [54533] Apache Tomcat 404 error page cross-site scripting
15335| [54182] Apache Tomcat admin default password
15336| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
15337| [53666] Apache HTTP Server Solaris pollset support denial of service
15338| [53650] Apache HTTP Server HTTP basic-auth module security bypass
15339| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
15340| [53041] mod_proxy_ftp module for Apache denial of service
15341| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
15342| [51953] Apache Tomcat Path Disclosure
15343| [51952] Apache Tomcat Path Traversal
15344| [51951] Apache stronghold-status Information Disclosure
15345| [51950] Apache stronghold-info Information Disclosure
15346| [51949] Apache PHP Source Code Disclosure
15347| [51948] Apache Multiviews Attack
15348| [51946] Apache JServ Environment Status Information Disclosure
15349| [51945] Apache error_log Information Disclosure
15350| [51944] Apache Default Installation Page Pattern Found
15351| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
15352| [51942] Apache AXIS XML External Entity File Retrieval
15353| [51941] Apache AXIS Sample Servlet Information Leak
15354| [51940] Apache access_log Information Disclosure
15355| [51626] Apache mod_deflate denial of service
15356| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
15357| [51365] Apache Tomcat RequestDispatcher security bypass
15358| [51273] Apache HTTP Server Incomplete Request denial of service
15359| [51195] Apache Tomcat XML information disclosure
15360| [50994] Apache APR-util xml/apr_xml.c denial of service
15361| [50993] Apache APR-util apr_brigade_vprintf denial of service
15362| [50964] Apache APR-util apr_strmatch_precompile() denial of service
15363| [50930] Apache Tomcat j_security_check information disclosure
15364| [50928] Apache Tomcat AJP denial of service
15365| [50884] Apache HTTP Server XML ENTITY denial of service
15366| [50808] Apache HTTP Server AllowOverride privilege escalation
15367| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
15368| [50059] Apache mod_proxy_ajp information disclosure
15369| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
15370| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
15371| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
15372| [49921] Apache ActiveMQ Web interface cross-site scripting
15373| [49898] Apache Geronimo Services/Repository directory traversal
15374| [49725] Apache Tomcat mod_jk module information disclosure
15375| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
15376| [49712] Apache Struts unspecified cross-site scripting
15377| [49213] Apache Tomcat cal2.jsp cross-site scripting
15378| [48934] Apache Tomcat POST doRead method information disclosure
15379| [48211] Apache Tomcat header HTTP request smuggling
15380| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
15381| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
15382| [47709] Apache Roller "
15383| [47104] Novell Netware ApacheAdmin console security bypass
15384| [47086] Apache HTTP Server OS fingerprinting unspecified
15385| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
15386| [45791] Apache Tomcat RemoteFilterValve security bypass
15387| [44435] Oracle WebLogic Apache Connector buffer overflow
15388| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
15389| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
15390| [44156] Apache Tomcat RequestDispatcher directory traversal
15391| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
15392| [43885] Oracle WebLogic Server Apache Connector buffer overflow
15393| [42987] Apache HTTP Server mod_proxy module denial of service
15394| [42915] Apache Tomcat JSP files path disclosure
15395| [42914] Apache Tomcat MS-DOS path disclosure
15396| [42892] Apache Tomcat unspecified unauthorized access
15397| [42816] Apache Tomcat Host Manager cross-site scripting
15398| [42303] Apache 403 error cross-site scripting
15399| [41618] Apache-SSL ExpandCert() authentication bypass
15400| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
15401| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
15402| [40614] Apache mod_jk2 HTTP Host header buffer overflow
15403| [40562] Apache Geronimo init information disclosure
15404| [40478] Novell Web Manager webadmin-apache.conf security bypass
15405| [40411] Apache Tomcat exception handling information disclosure
15406| [40409] Apache Tomcat native (APR based) connector weak security
15407| [40403] Apache Tomcat quotes and %5C cookie information disclosure
15408| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
15409| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
15410| [39867] Apache HTTP Server mod_negotiation cross-site scripting
15411| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
15919| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
15920| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
15921| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
15922| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
15923| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
15924| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
15925| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
15926| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
15927| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
15928| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
15929| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
15930| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
15931| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
15932| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
15933| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
15934| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
15935| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
15936| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
15937| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
15938| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
15939| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
15940| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
15941| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
15942| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
15943| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
15944| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
15945| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
15946| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
15947| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
15948| [801942] Apache Archiva Multiple Vulnerabilities
15949| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
15950| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
15951| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
15952| [801284] Apache Derby Information Disclosure Vulnerability
15953| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
15954| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
15955| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
15956| [800680] Apache APR Version Detection
15957| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
15958| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
15959| [800677] Apache Roller Version Detection
15960| [800279] Apache mod_jk Module Version Detection
15961| [800278] Apache Struts Cross Site Scripting Vulnerability
15962| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
15963| [800276] Apache Struts Version Detection
15964| [800271] Apache Struts Directory Traversal Vulnerability
15965| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
15966| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
15967| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
15968| [103122] Apache Web Server ETag Header Information Disclosure Weakness
15969| [103074] Apache Continuum Cross Site Scripting Vulnerability
15970| [103073] Apache Continuum Detection
15971| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
15972| [101023] Apache Open For Business Weak Password security check
15973| [101020] Apache Open For Business HTML injection vulnerability
15974| [101019] Apache Open For Business service detection
15975| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
15976| [100923] Apache Archiva Detection
15977| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
15978| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
15979| [100813] Apache Axis2 Detection
15980| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
15981| [100795] Apache Derby Detection
15982| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
15983| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
15984| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
15985| [100514] Apache Multiple Security Vulnerabilities
15986| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
15987| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
15988| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
15989| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
15990| [72626] Debian Security Advisory DSA 2579-1 (apache2)
15991| [72612] FreeBSD Ports: apache22
15992| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
15993| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
15994| [71512] FreeBSD Ports: apache
15995| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
15996| [71256] Debian Security Advisory DSA 2452-1 (apache2)
15997| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
15998| [70737] FreeBSD Ports: apache
15999| [70724] Debian Security Advisory DSA 2405-1 (apache2)
16000| [70600] FreeBSD Ports: apache
16001| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
16002| [70235] Debian Security Advisory DSA 2298-2 (apache2)
16003| [70233] Debian Security Advisory DSA 2298-1 (apache2)
16004| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
16005| [69338] Debian Security Advisory DSA 2202-1 (apache2)
16006| [67868] FreeBSD Ports: apache
16007| [66816] FreeBSD Ports: apache
16008| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
16009| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
16010| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
16011| [66081] SLES11: Security update for Apache 2
16012| [66074] SLES10: Security update for Apache 2
16013| [66070] SLES9: Security update for Apache 2
16014| [65998] SLES10: Security update for apache2-mod_python
16015| [65893] SLES10: Security update for Apache 2
16016| [65888] SLES10: Security update for Apache 2
16017| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
16018| [65510] SLES9: Security update for Apache 2
16019| [65472] SLES9: Security update for Apache
16020| [65467] SLES9: Security update for Apache
16021| [65450] SLES9: Security update for apache2
16022| [65390] SLES9: Security update for Apache2
16023| [65363] SLES9: Security update for Apache2
16024| [65309] SLES9: Security update for Apache and mod_ssl
16025| [65296] SLES9: Security update for webdav apache module
16026| [65283] SLES9: Security update for Apache2
16027| [65249] SLES9: Security update for Apache 2
16028| [65230] SLES9: Security update for Apache 2
16029| [65228] SLES9: Security update for Apache 2
16030| [65212] SLES9: Security update for apache2-mod_python
16031| [65209] SLES9: Security update for apache2-worker
16032| [65207] SLES9: Security update for Apache 2
16033| [65168] SLES9: Security update for apache2-mod_python
16034| [65142] SLES9: Security update for Apache2
16035| [65136] SLES9: Security update for Apache 2
16036| [65132] SLES9: Security update for apache
16037| [65131] SLES9: Security update for Apache 2 oes/CORE
16038| [65113] SLES9: Security update for apache2
16039| [65072] SLES9: Security update for apache and mod_ssl
16040| [65017] SLES9: Security update for Apache 2
16041| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
16042| [64783] FreeBSD Ports: apache
16043| [64774] Ubuntu USN-802-2 (apache2)
16044| [64653] Ubuntu USN-813-2 (apache2)
16045| [64559] Debian Security Advisory DSA 1834-2 (apache2)
16046| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
16047| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
16048| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
16049| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
16050| [64443] Ubuntu USN-802-1 (apache2)
16051| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
16052| [64423] Debian Security Advisory DSA 1834-1 (apache2)
16053| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
16054| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
16055| [64251] Debian Security Advisory DSA 1816-1 (apache2)
16056| [64201] Ubuntu USN-787-1 (apache2)
16057| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
16058| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
16059| [63565] FreeBSD Ports: apache
16060| [63562] Ubuntu USN-731-1 (apache2)
16061| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
16062| [61185] FreeBSD Ports: apache
16063| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
16064| [60387] Slackware Advisory SSA:2008-045-02 apache
16065| [58826] FreeBSD Ports: apache-tomcat
16066| [58825] FreeBSD Ports: apache-tomcat
16067| [58804] FreeBSD Ports: apache
16068| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
16069| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
16070| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
16071| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
16072| [57335] Debian Security Advisory DSA 1167-1 (apache)
16073| [57201] Debian Security Advisory DSA 1131-1 (apache)
16074| [57200] Debian Security Advisory DSA 1132-1 (apache2)
16075| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
16076| [57145] FreeBSD Ports: apache
16077| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
16078| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
16079| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
16080| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
16081| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
16082| [56067] FreeBSD Ports: apache
16083| [55803] Slackware Advisory SSA:2005-310-04 apache
16084| [55519] Debian Security Advisory DSA 839-1 (apachetop)
16085| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
16086| [55355] FreeBSD Ports: apache
16087| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
16088| [55261] Debian Security Advisory DSA 805-1 (apache2)
16089| [55259] Debian Security Advisory DSA 803-1 (apache)
16090| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
16091| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
16092| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
16093| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
16094| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
16095| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
16096| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
16097| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
16098| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
16099| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
16100| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
16101| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
16102| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
16103| [54439] FreeBSD Ports: apache
16104| [53931] Slackware Advisory SSA:2004-133-01 apache
16105| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
16106| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
16107| [53878] Slackware Advisory SSA:2003-308-01 apache security update
16108| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
16109| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
16110| [53848] Debian Security Advisory DSA 131-1 (apache)
16111| [53784] Debian Security Advisory DSA 021-1 (apache)
16112| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
16113| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
16114| [53735] Debian Security Advisory DSA 187-1 (apache)
16115| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
16116| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
16117| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
16118| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
16119| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
16120| [53282] Debian Security Advisory DSA 594-1 (apache)
16121| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
16122| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
16123| [53215] Debian Security Advisory DSA 525-1 (apache)
16124| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
16125| [52529] FreeBSD Ports: apache+ssl
16126| [52501] FreeBSD Ports: apache
16127| [52461] FreeBSD Ports: apache
16128| [52390] FreeBSD Ports: apache
16129| [52389] FreeBSD Ports: apache
16130| [52388] FreeBSD Ports: apache
16131| [52383] FreeBSD Ports: apache
16132| [52339] FreeBSD Ports: apache+mod_ssl
16133| [52331] FreeBSD Ports: apache
16134| [52329] FreeBSD Ports: ru-apache+mod_ssl
16135| [52314] FreeBSD Ports: apache
16136| [52310] FreeBSD Ports: apache
16137| [15588] Detect Apache HTTPS
16138| [15555] Apache mod_proxy content-length buffer overflow
16139| [15554] Apache mod_include priviledge escalation
16140| [14771] Apache <= 1.3.33 htpasswd local overflow
16141| [14177] Apache mod_access rule bypass
16142| [13644] Apache mod_rootme Backdoor
16143| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
16144| [12280] Apache Connection Blocking Denial of Service
16145| [12239] Apache Error Log Escape Sequence Injection
16146| [12123] Apache Tomcat source.jsp malformed request information disclosure
16147| [12085] Apache Tomcat servlet/JSP container default files
16148| [11438] Apache Tomcat Directory Listing and File disclosure
16149| [11204] Apache Tomcat Default Accounts
16150| [11092] Apache 2.0.39 Win32 directory traversal
16151| [11046] Apache Tomcat TroubleShooter Servlet Installed
16152| [11042] Apache Tomcat DOS Device Name XSS
16153| [11041] Apache Tomcat /servlet Cross Site Scripting
16154| [10938] Apache Remote Command Execution via .bat files
16155| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
16156| [10773] MacOS X Finder reveals contents of Apache Web files
16157| [10766] Apache UserDir Sensitive Information Disclosure
16158| [10756] MacOS X Finder reveals contents of Apache Web directories
16159| [10752] Apache Auth Module SQL Insertion Attack
16160| [10704] Apache Directory Listing
16161| [10678] Apache /server-info accessible
16162| [10677] Apache /server-status accessible
16163| [10440] Check for Apache Multiple / vulnerability
16164|
16165| SecurityTracker - https://www.securitytracker.com:
16166| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
16167| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
16168| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
16169| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
16170| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
16171| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
16172| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
16173| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
16174| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
16175| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
16176| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
16177| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
16178| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
16179| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
16180| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
16181| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
16182| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
16183| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
16184| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
16185| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
16186| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
16187| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
16188| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
16189| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
16190| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
16191| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
16192| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
16193| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
16194| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
16195| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
16196| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
16197| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
16198| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
16199| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
16200| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
16201| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
16202| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
16203| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
16204| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
16205| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
16206| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
16207| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
16208| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
16209| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
16210| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
16211| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
16212| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
16213| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
16214| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
16215| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
16216| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
16217| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
16218| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
16219| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
16220| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
16221| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
16222| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
16223| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
16224| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
16225| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
16226| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
16227| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
16228| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
16229| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
16230| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
16231| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
16232| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
16233| [1024096] Apache mod_proxy_http May Return Results for a Different Request
16234| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
16235| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
16236| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
16237| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
16238| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
16239| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
16240| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
16241| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
16242| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
16243| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
16244| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
16245| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
16246| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
16247| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
16248| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
16249| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
16250| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
16251| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
16252| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
16253| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
16254| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
16255| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
16256| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
16257| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
16258| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
16259| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
16260| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
16261| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
16262| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
16263| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
16264| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
16265| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
16266| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
16267| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
16268| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
16269| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
16270| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
16271| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
16272| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
16273| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
16274| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
16275| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
16276| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
16277| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
16278| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
16279| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
16280| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
16281| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
16282| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
16283| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
16284| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
16285| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
16286| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
16287| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
16288| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
16289| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
16290| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
16291| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
16292| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
16293| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
16294| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
16295| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
16296| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
16297| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
16298| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
16299| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
16300| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
16301| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
16302| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
16303| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
16304| [1008920] Apache mod_digest May Validate Replayed Client Responses
16305| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
16306| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
16307| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
16308| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
16309| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
16310| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
16311| [1008030] Apache mod_rewrite Contains a Buffer Overflow
16312| [1008029] Apache mod_alias Contains a Buffer Overflow
16313| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
16314| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
16315| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
16316| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
16317| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
16318| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
16319| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
16320| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
16321| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
16322| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
16323| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
16324| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
16325| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
16326| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
16327| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
16328| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
16329| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
16330| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
16331| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
16332| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
16333| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
16334| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
16335| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
16336| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
16337| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
16338| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
16339| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
16340| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
16341| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
16342| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
16343| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
16344| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
16345| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
16346| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
16347| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
16348| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
16349| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
16350| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
16351| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16352| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16353| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
16354| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
16355| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
16356| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
16357| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
16358| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
16359| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
16360| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
16361| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
16362| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
16363| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
16364| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
16365| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
16366| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
16367| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
16368| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
16369|
16370| OSVDB - http://www.osvdb.org:
16371| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
16372| [96077] Apache CloudStack Global Settings Multiple Field XSS
16373| [96076] Apache CloudStack Instances Menu Display Name Field XSS
16374| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
16375| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
16376| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
16377| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
16378| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
16379| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
16380| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
16381| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
16382| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
16383| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16384| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
16385| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
16386| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
16387| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
16388| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16389| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
16390| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
16391| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
16392| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
16393| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
16394| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
16395| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
16396| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
16397| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
16398| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
16399| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
16400| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
16401| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
16402| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
16403| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
16404| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
16405| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
16406| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
16407| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
16408| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
16409| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
16410| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
16411| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
16412| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
16413| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
16414| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
16415| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
16416| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
16417| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
16418| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
16419| [94279] Apache Qpid CA Certificate Validation Bypass
16420| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
16421| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
16422| [94042] Apache Axis JAX-WS Java Unspecified Exposure
16423| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
16424| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
16425| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
16426| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
16427| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
16428| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
16429| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
16430| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
16431| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
16432| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
16433| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
16434| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
16435| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
16436| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
16437| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
16438| [93541] Apache Solr json.wrf Callback XSS
16439| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
16440| [93521] Apache jUDDI Security API Token Session Persistence Weakness
16441| [93520] Apache CloudStack Default SSL Key Weakness
16442| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
16443| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
16444| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
16445| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
16446| [93515] Apache HBase table.jsp name Parameter XSS
16447| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
16448| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
16449| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
16450| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
16451| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
16452| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
16453| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
16454| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
16455| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
16456| [93252] Apache Tomcat FORM Authenticator Session Fixation
16457| [93172] Apache Camel camel/endpoints/ Endpoint XSS
16458| [93171] Apache Sling HtmlResponse Error Message XSS
16459| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
16460| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
16461| [93168] Apache Click ErrorReport.java id Parameter XSS
16462| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
16463| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
16464| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
16465| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
16466| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
16467| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
16468| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
16469| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
16470| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
16471| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
16472| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
16473| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
16474| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
16475| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
16476| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
16477| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
16478| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
16479| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
16480| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
16481| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
16482| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
16483| [93144] Apache Solr Admin Command Execution CSRF
16484| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
16485| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
16486| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
16487| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
16488| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
16489| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
16490| [92748] Apache CloudStack VM Console Access Restriction Bypass
16491| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
16492| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
16493| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
16494| [92706] Apache ActiveMQ Debug Log Rendering XSS
16495| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
16496| [92270] Apache Tomcat Unspecified CSRF
16497| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
16498| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
16499| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
16500| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
16501| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
16502| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
16503| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
16504| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
16505| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
16506| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
16507| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
16508| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
16509| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
16510| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
16511| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
16512| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
16513| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
16514| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
16515| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
16516| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
16517| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
16518| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
16519| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
16520| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
16521| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
16522| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
16523| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
16524| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
16525| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
16526| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
16527| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
16528| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
16529| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
16530| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
16531| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
16532| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
16533| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
16534| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
16535| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
16536| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
16537| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
16538| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
16539| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
16540| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
16541| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
16542| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
16543| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
16544| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
16545| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
16546| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
16547| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
16548| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
16549| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
16550| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
16551| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
16552| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
16553| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
16554| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
16555| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
16556| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
16557| [86901] Apache Tomcat Error Message Path Disclosure
16558| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
16559| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
16560| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
16561| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
16562| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
16563| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
16564| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
16565| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
16566| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
16567| [85430] Apache mod_pagespeed Module Unspecified XSS
16568| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
16569| [85249] Apache Wicket Unspecified XSS
16570| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
16571| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
16572| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
16573| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
16574| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
16575| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
16576| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
16577| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
16578| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
16579| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
16580| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
16581| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
16582| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
16583| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
16584| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
16585| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
16586| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
16587| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
16588| [83339] Apache Roller Blogger Roll Unspecified XSS
16589| [83270] Apache Roller Unspecified Admin Action CSRF
16590| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
16591| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
16592| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
16593| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
16594| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
16595| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
16596| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
16597| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
16598| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
16599| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
16600| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
16601| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
16602| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
16603| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
16604| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
16605| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
16606| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
16607| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
16608| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
16609| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
16610| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
16611| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
16612| [80300] Apache Wicket wicket:pageMapName Parameter XSS
16613| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
16614| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
16615| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
16616| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
16617| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
16618| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
16619| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
17020| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
17021| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
17022| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
17023| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
17024| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
17025| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
17026| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
17027| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
17028| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
17029| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
17030| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
17031| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
17032| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
17033| [40262] Apache HTTP Server mod_status refresh XSS
17034| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
17035| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
17036| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
17037| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
17038| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
17039| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
17040| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
17041| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
17042| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
17043| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
17044| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
17045| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
17046| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
17047| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
17048| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
17049| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
17050| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
17051| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
17052| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
17053| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
17054| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
17055| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
17056| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
17057| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
17058| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
17059| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
17060| [36080] Apache Tomcat JSP Examples Crafted URI XSS
17061| [36079] Apache Tomcat Manager Uploaded Filename XSS
17062| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
17063| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
17064| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
17065| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
17066| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
17067| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
17068| [34881] Apache Tomcat Malformed Accept-Language Header XSS
17069| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
17070| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
17071| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
17072| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
17073| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
17074| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
17075| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
17076| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
17077| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
17078| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
17079| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
17080| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
17081| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
17082| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
17083| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
17084| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
17085| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
17086| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
17087| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
81/tcp closed hosts2-ns
139/tcp closed netbios-ssn
443/tcp open ssl/https Apache
|_http-server-header: Apache
445/tcp closed microsoft-ds
3636/tcp closed servistaitsm
Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 - 3.13 (94%), Linux 2.6.32 - 2.6.39 (92%), Linux 2.6.32 - 3.1 (92%), Linux 2.6.39 (92%), HP P2000 G3 NAS device (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.5 (91%), Linux 3.8 (91%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 2.529 days (since Tue Dec 3 14:53:06 2019)
Network Distance: 16 hops
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 81/tcp)
HOP RTT ADDRESS
1 133.69 ms 10.216.200.1
2 ...
3 134.69 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 134.35 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 139.72 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
6 162.93 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)
7 167.56 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205)
8 247.15 ms be12194.ccr41.lon13.atlas.cogentco.com (154.54.56.93)
9 243.35 ms be2317.ccr41.jfk02.atlas.cogentco.com (154.54.30.185)
10 246.83 ms be3471.ccr41.jfk02.atlas.cogentco.com (154.54.40.154)
11 258.43 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)
12 271.69 ms be3483.ccr22.mia01.atlas.cogentco.com (154.54.28.50)
13 270.67 ms be3482.ccr21.mia01.atlas.cogentco.com (154.54.24.146)
14 272.08 ms 38.104.94.214
15 284.45 ms mia-core2-po3.mojohost.com (64.59.80.102)
16 266.05 ms 74.206.167.239

NSE: Script Post-scanning.
Initiating NSE at 03:35
Completed NSE at 03:35, 0.00s elapsed
Initiating NSE at 03:35
Completed NSE at 03:35, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 03:35 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 03:35
Completed NSE at 03:35, 0.00s elapsed
Initiating NSE at 03:35
Completed NSE at 03:35, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 03:35
Completed Parallel DNS resolution of 1 host. at 03:35, 0.12s elapsed
Initiating UDP Scan at 03:35
Scanning 74.206.167.239 [15 ports]
Completed UDP Scan at 03:35, 2.37s elapsed (15 total ports)
Initiating Service scan at 03:35
Scanning 12 services on 74.206.167.239
Service scan Timing: About 8.33% done; ETC: 03:54 (0:17:58 remaining)
Completed Service scan at 03:37, 102.59s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against 74.206.167.239
Retrying OS detection (try #2) against 74.206.167.239
Initiating Traceroute at 03:37
Completed Traceroute at 03:37, 7.15s elapsed
Initiating Parallel DNS resolution of 1 host. at 03:37
Completed Parallel DNS resolution of 1 host. at 03:37, 0.00s elapsed
NSE: Script scanning 74.206.167.239.
Initiating NSE at 03:37
Completed NSE at 03:37, 7.26s elapsed
Initiating NSE at 03:37
Completed NSE at 03:37, 1.30s elapsed
Nmap scan report for 74.206.167.239
Host is up (0.20s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 130.14 ms 10.216.200.1
2 ... 3
4 130.01 ms 10.216.200.1
5 135.78 ms 10.216.200.1
6 135.76 ms 10.216.200.1
7 135.74 ms 10.216.200.1
8 135.74 ms 10.216.200.1
9 135.73 ms 10.216.200.1
10 135.71 ms 10.216.200.1
11 ... 18
19 131.30 ms 10.216.200.1
20 130.94 ms 10.216.200.1
21 ... 28
29 130.84 ms 10.216.200.1
30 130.65 ms 10.216.200.1

NSE: Script Post-scanning.
Initiating NSE at 03:37
Completed NSE at 03:37, 0.00s elapsed
Initiating NSE at 03:37
Completed NSE at 03:37, 0.00s elapsed
#######################################################################################################################################
Anonymous JTSEC #OpChildSafety Full Recon #11