· 6 years ago · Jan 17, 2020, 09:14 PM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.vantec-gl.com ISP Amazon.com, Inc.
4Continent Asia Flag
5JP
6Country Japan Country Code JP
7Region Tokyo Local time 18 Jan 2020 05:04 JST
8City Tokyo Postal Code 102-0082
9IP Address 52.198.68.5 Latitude 35.688
10 Longitude 139.753
11=======================================================================================================================================
12#######################################################################################################################################
13> www.vantec-gl.com
14Server: 38.132.106.139
15Address: 38.132.106.139#53
16
17Non-authoritative answer:
18Name: www.vantec-gl.com
19Address: 52.198.68.5
20>
21#######################################################################################################################################
22 Domain Name: VANTEC-GL.COM
23 Registry Domain ID: 1508667769_DOMAIN_COM-VRSN
24 Registrar WHOIS Server: whois.jprs.jp
25 Registrar URL: http://jprs.jp/registrar/
26 Updated Date: 2019-07-12T15:57:07Z
27 Creation Date: 2008-07-16T07:33:04Z
28 Registry Expiry Date: 2020-07-16T07:33:04Z
29 Registrar: Japan Registry Services Co., Ltd.
30 Registrar IANA ID: 1485
31 Registrar Abuse Contact Email: gtld-abuse@jprs.jp
32 Registrar Abuse Contact Phone: +81.352158457
33 Domain Status: ok https://icann.org/epp#ok
34 Name Server: NS-109.AWSDNS-13.COM
35 Name Server: NS-1360.AWSDNS-42.ORG
36 Name Server: NS-1648.AWSDNS-14.CO.UK
37 Name Server: NS-766.AWSDNS-31.NET
38 DNSSEC: unsigned
39#######################################################################################################################################
40Domain Name: VANTEC-GL.COM
41Registry Domain ID: 1508667769_DOMAIN_COM-VRSN
42Registrar WHOIS Server: whois.jprs.jp
43Registrar URL: https://jprs.jp/registrar/
44Updated Date: 2019-08-05T00:48:26Z
45Creation Date: 2008-07-16T07:33:04Z
46Registrar Registration Expiration Date: 2020-07-16T07:33:04Z
47Registrar: Japan Registry Services Co.,Ltd.(JPRS)
48Registrar IANA ID: 1485
49Registrar Abuse Contact Email: gtld-abuse@jprs.jp
50Registrar Abuse Contact Phone: +81.352158457
51Domain Status: ok https://icann.org/epp#ok
52Registry Registrant ID: Not Available From Registry
53Registrant Name: VANTEC CORPORATION
54Registrant Street: Minatomirai Center Building, 3-6-1 Minatomirai
55Registrant City: Nishi-ku,Yokohama
56Registrant State/Province: Kanagawa
57Registrant Postal Code: 2200012
58Registrant Country: JP
59Registrant Phone: +81.453065225
60Registrant Email: domain_admin@vantec-gl.com
61Registry Admin ID: Not Available From Registry
62Admin Name: Ichikawa Shinya
63Admin Street: Minatomirai Center Building, 3-6-1 Minatomirai
64Admin City: Nishi-ku,Yokohama
65Admin State/Province: Kanagawa
66Admin Postal Code: 2200012
67Admin Country: JP
68Admin Phone: +81.453065225
69Admin Email: domain_admin@vantec-gl.com
70Registry Tech ID: Not Available From Registry
71Tech Name: Ichikawa Shinya
72Tech Street: Minatomirai Center Building, 3-6-1 Minatomirai
73Tech City: Nishi-ku,Yokohama
74Tech State/Province: Kanagawa
75Tech Postal Code: 2200012
76Tech Country: JP
77Tech Phone: +81.453065225
78Tech Email: domain_admin@vantec-gl.com
79Name Server: NS-109.AWSDNS-13.COM
80Name Server: NS-766.AWSDNS-31.NET
81Name Server: NS-1648.AWSDNS-14.CO.UK
82Name Server: NS-1360.AWSDNS-42.ORG
83DNSSEC: unsigned
84#######################################################################################################################################
85[+] Target : www.vantec-gl.com
86
87[+] IP Address : 52.198.68.5
88
89[+] Headers :
90
91[+] Date : Fri, 17 Jan 2020 20:09:31 GMT
92[+] Server : Apache
93[+] Last-Modified : Mon, 29 Jul 2019 03:11:36 GMT
94[+] ETag : "9078-58ec93ff2ca00"
95[+] Accept-Ranges : bytes
96[+] Content-Length : 36984
97[+] Keep-Alive : timeout=5, max=100
98[+] Connection : Keep-Alive
99[+] Content-Type : text/html; charset=UTF-8
100
101[+] SSL Certificate Information :
102
103[+] countryName : JP
104[+] stateOrProvinceName : Kanagawa
105[+] localityName : Yokohama
106[+] organizationName : VANTEC CORPORATION
107[+] commonName : www.vantec-gl.com
108[+] countryName : BE
109[+] organizationName : GlobalSign nv-sa
110[+] commonName : GlobalSign RSA OV SSL CA 2018
111[+] Version : 3
112[+] Serial Number : 7F22883CB53CA0AB20ED7265
113[+] Not Before : Nov 6 07:06:11 2019 GMT
114[+] Not After : Dec 18 23:59:59 2020 GMT
115[+] OCSP : ('http://ocsp.globalsign.com/gsrsaovsslca2018',)
116[+] subject Alt Name : (('DNS', 'www.vantec-gl.com'), ('DNS', 'vantec-gl.com'))
117[+] CA Issuers : ('http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt',)
118
119[+] Whois Lookup :
120
121[+] NIR : None
122[+] ASN Registry : arin
123[+] ASN : 16509
124[+] ASN CIDR : 52.196.0.0/14
125[+] ASN Country Code : US
126[+] ASN Date : 2015-09-02
127[+] ASN Description : AMAZON-02 - Amazon.com, Inc., US
128[+] cidr : 52.196.0.0/14
129[+] name : AMAZON-NRT
130[+] handle : NET-52-196-0-0-1
131[+] range : 52.196.0.0 - 52.199.255.255
132[+] description : Amazon Data Services Japan
133[+] country : JP
134[+] state : PostalCode: 150-0002
135[+] city : Tokyo
136[+] address : 11F Shibuya Cross Tower
1372-15-1, Shibuya-ku Shibuya
138[+] postal_code : 150-0002
139[+] emails : ['amzn-noc-contact@amazon.com', 'abuse@amazonaws.com']
140[+] created : 2015-12-10
141[+] updated : 2015-12-10
142
143[+] Crawling Target...
144
145[+] Looking for robots.txt........[ Not Found ]
146[+] Looking for sitemap.xml.......[ Found ]
147[+] Extracting sitemap Links......[ 339 ]
148[+] Extracting CSS Links..........[ 9 ]
149[+] Extracting Javascript Links...[ 11 ]
150[+] Extracting Internal Links.....[ 0 ]
151[+] Extracting External Links.....[ 3 ]
152[+] Extracting Images.............[ 30 ]
153
154[+] Total Links Extracted : 392
155
156[+] Dumping Links in /opt/FinalRecon/dumps/www.vantec-gl.com.dump
157[+] Completed!
158######################################################################################################################################
159[i] Scanning Site: https://52.198.68.5
160
161
162
163B A S I C I N F O
164====================
165
166
167[+] Site Title: HOME | VANTEC CORPORATION
168[+] IP address: 52.198.68.5
169[+] Web Server: Apache
170[+] CMS: Could Not Detect
171[+] Cloudflare: Not Detected
172[+] Robots File: Could NOT Find robots.txt!
173
174
175
176
177W H O I S L O O K U P
178========================
179
180 % This is the RIPE Database query service.
181% The objects are in RPSL format.
182%
183% The RIPE Database is subject to Terms and Conditions.
184% See http://www.ripe.net/db/support/db-terms-conditions.pdf
185
186% Note: this output has been filtered.
187% To receive output for a database update, use the "-B" flag.
188
189% Information related to '52.144.96.0 - 52.255.255.255'
190
191% No abuse contact registered for 52.144.96.0 - 52.255.255.255
192
193inetnum: 52.144.96.0 - 52.255.255.255
194netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
195descr: IPv4 address block not managed by the RIPE NCC
196remarks: ------------------------------------------------------
197remarks:
198remarks: For registration information,
199remarks: you can consult the following sources:
200remarks:
201remarks: IANA
202remarks: http://www.iana.org/assignments/ipv4-address-space
203remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
204remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
205remarks:
206remarks: AFRINIC (Africa)
207remarks: http://www.afrinic.net/ whois.afrinic.net
208remarks:
209remarks: APNIC (Asia Pacific)
210remarks: http://www.apnic.net/ whois.apnic.net
211remarks:
212remarks: ARIN (Northern America)
213remarks: http://www.arin.net/ whois.arin.net
214remarks:
215remarks: LACNIC (Latin America and the Carribean)
216remarks: http://www.lacnic.net/ whois.lacnic.net
217remarks:
218remarks: ------------------------------------------------------
219country: EU # Country is really world wide
220admin-c: IANA1-RIPE
221tech-c: IANA1-RIPE
222status: ALLOCATED UNSPECIFIED
223mnt-by: RIPE-NCC-HM-MNT
224created: 2019-01-07T10:45:41Z
225last-modified: 2019-01-07T10:45:41Z
226source: RIPE
227
228% This query was served by the RIPE Database Query Service version 1.96 (BLAARKOP)
229
230
231
232
233
234
235G E O I P L O O K U P
236=========================
237
238[i] IP Address: 52.198.68.5
239[i] Country: Japan
240[i] State: Tokyo
241[i] City: Tokyo
242[i] Latitude: 35.6882
243[i] Longitude: 139.7532
244
245
246
247
248H T T P H E A D E R S
249=======================
250
251
252[i] HTTP/1.1 200 OK
253[i] Date: Fri, 17 Jan 2020 20:10:31 GMT
254[i] Server: Apache
255[i] Last-Modified: Mon, 29 Jul 2019 03:11:36 GMT
256[i] ETag: "9078-58ec93ff2ca00"
257[i] Accept-Ranges: bytes
258[i] Content-Length: 36984
259[i] Connection: close
260[i] Content-Type: text/html; charset=UTF-8
261
262
263
264
265D N S L O O K U P
266===================
267
268no records found
269
270
271
272S U B N E T C A L C U L A T I O N
273====================================
274
275Address = 52.198.68.5
276Network = 52.198.68.5 / 32
277Netmask = 255.255.255.255
278Broadcast = not needed on Point-to-Point links
279Wildcard Mask = 0.0.0.0
280Hosts Bits = 0
281Max. Hosts = 1 (2^0 - 0)
282Host Range = { 52.198.68.5 - 52.198.68.5 }
283
284
285
286N M A P P O R T S C A N
287============================
288
289Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-17 20:10 UTC
290Nmap scan report for ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
291Host is up (0.15s latency).
292
293PORT STATE SERVICE
29421/tcp filtered ftp
29522/tcp filtered ssh
29623/tcp filtered telnet
29780/tcp open http
298110/tcp filtered pop3
299143/tcp filtered imap
300443/tcp open https
3013389/tcp filtered ms-wbt-server
302
303Nmap done: 1 IP address (1 host up) scanned in 2.40 seconds
304#######################################################################################################################################
305[+] Starting At 2020-01-17 15:10:29.973936
306[+] Collecting Information On: https://www.vantec-gl.com/
307[#] Status: 200
308--------------------------------------------------
309[#] Web Server Detected: Apache
310[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
311- Date: Fri, 17 Jan 2020 20:10:26 GMT
312- Server: Apache
313- Last-Modified: Mon, 29 Jul 2019 03:11:36 GMT
314- ETag: "9078-58ec93ff2ca00"
315- Accept-Ranges: bytes
316- Content-Length: 36984
317- Keep-Alive: timeout=5, max=100
318- Connection: Keep-Alive
319- Content-Type: text/html; charset=UTF-8
320--------------------------------------------------
321[#] Finding Location..!
322[#] status: fail
323[#] message: invalid query
324[#] query: vantec-gl.com
325--------------------------------------------------
326[x] Didn't Detect WAF Presence on: https://www.vantec-gl.com/
327--------------------------------------------------
328[#] Starting Reverse DNS
329[-] Failed ! Fail
330--------------------------------------------------
331[!] Scanning Open Port
332--------------------------------------------------
333[+] Getting SSL Info
334[Errno -2] Name or service not known
335--------------------------------------------------
336[+] Collecting Information Disclosure!
337[#] Detecting sitemap.xml file
338[!] sitemap.xml File Found: https://www.vantec-gl.com//sitemap.xml
339[#] Detecting robots.txt file
340[-] robots.txt file not Found!?
341[#] Detecting GNU Mailman
342[-] GNU Mailman App Not Detected!?
343--------------------------------------------------
344[+] Crawling Url Parameter On: https://www.vantec-gl.com/
345--------------------------------------------------
346[#] Searching Html Form !
347[+] Html Form Discovered
348[#] action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
349[#] class: ['search']
350[#] id: None
351[#] method: None
352--------------------------------------------------
353[!] Found 46 dom parameter
400--------------------------------------------------
401[-] No internal Dynamic Parameter Found!?
402--------------------------------------------------
403[!] 1 External Dynamic Parameter Discovered
404[#] https://gslg.hitachi-hb.co.jp/gslg/AirOceanSearchDisp.do?lang=en&param1=VHF
405--------------------------------------------------
406[!] 127 Internal links Discovered
534--------------------------------------------------
535[!] 4 External links Discovered
536[#] http://www.hitachi-transportsystem.com/en/
537[#] http://hitachi-vht.com/
538[#] http://hitachi-vht.com/
539[#] http://www.hitachi-transportsystem.com/en/
540--------------------------------------------------
541[#] Mapping Subdomain..
542[-] No Any Subdomain Found
543[!] Found 0 Subdomain
544--------------------------------------------------
545[!] Done At 2020-01-17 15:10:40.615319
546######################################################################################################################################
547[INFO] ------TARGET info------
548[*] TARGET: https://www.vantec-gl.com/
549[*] TARGET IP: 52.198.68.5
550[INFO] NO load balancer detected for www.vantec-gl.com...
551[*] DNS servers: ns-766.awsdns-31.net.
552[*] TARGET server: Apache
553[*] CC: JP
554[*] Country: Japan
555[*] RegionCode: 13
556[*] RegionName: Tokyo
557[*] City: Tokyo
558[*] ASN: AS16509
559[*] BGP_PREFIX: 52.196.0.0/14
560[*] ISP: AMAZON-02, US
561[INFO] SSL/HTTPS certificate detected
562[*] Issuer: issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
563[*] Subject: subject=C = JP, ST = Kanagawa, L = Yokohama, O = VANTEC CORPORATION, CN = www.vantec-gl.com
564[INFO] DNS enumeration:
565[*] ns1.vantec-gl.com 113.157.206.2
566[*] ns2.vantec-gl.com 210.161.158.2
567[*] www2.vantec-gl.com 115.146.61.170
568[INFO] Possible abuse mails are:
569[*] abuse@vantec-gl.com
570[*] abuse@www.vantec-gl.com
571[INFO] NO PAC (Proxy Auto Configuration) file FOUND
572[INFO] Starting FUZZing in http://www.vantec-gl.com/FUzZzZzZzZz...
573[INFO] Status code Folders
574[*] 200 http://www.vantec-gl.com/news
575[ALERT] Look in the source code. It may contain passwords
576HTTP: Access authorization required.
577 Use the -auth=id:pw parameter.
578
579Recherche 52.198.68.5
580Connexion HTTP à 52.198.68.5
581Envoi de la requête HTTP.
582Requête HTTP envoyée. Attente de réponse.
583Alerte ! : Autorisation d’accès refusée - nouvelle tentative
584
585lynx : accès impossible au fichier de départ http://52.198.68.5/
586[INFO] Links found from https://www.vantec-gl.com/ http://52.198.68.5/:
664cut: intervalle de champ incorrecte
665Saisissez « cut --help » pour plus d'informations.
666[INFO] Shodan detected the following opened ports on 52.198.68.5:
667[*] 443
668[*] 80
669[INFO] ------VirusTotal SECTION------
670[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
671[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
672[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
673[INFO] ------Alexa Rank SECTION------
674[INFO] Percent of Visitors Rank in Country:
675[INFO] Percent of Search Traffic:
676[INFO] Percent of Unique Visits:
677[INFO] Total Sites Linking In:
678[*] Total Sites
679[INFO] Useful links related to www.vantec-gl.com - 52.198.68.5:
680[*] https://www.virustotal.com/pt/ip-address/52.198.68.5/information/
681[*] https://www.hybrid-analysis.com/search?host=52.198.68.5
682[*] https://www.shodan.io/host/52.198.68.5
683[*] https://www.senderbase.org/lookup/?search_string=52.198.68.5
684[*] https://www.alienvault.com/open-threat-exchange/ip/52.198.68.5
685[*] http://pastebin.com/search?q=52.198.68.5
686[*] http://urlquery.net/search.php?q=52.198.68.5
687[*] http://www.alexa.com/siteinfo/www.vantec-gl.com
688[*] http://www.google.com/safebrowsing/diagnostic?site=www.vantec-gl.com
689[*] https://censys.io/ipv4/52.198.68.5
690[*] https://www.abuseipdb.com/check/52.198.68.5
691[*] https://urlscan.io/search/#52.198.68.5
692[*] https://github.com/search?q=52.198.68.5&type=Code
693[INFO] Useful links related to AS16509 - 52.196.0.0/14:
694[*] http://www.google.com/safebrowsing/diagnostic?site=AS:16509
695[*] https://www.senderbase.org/lookup/?search_string=52.196.0.0/14
696[*] http://bgp.he.net/AS16509
697[*] https://stat.ripe.net/AS16509
698[INFO] Date: 17/01/20 | Time: 15:11:45
699[INFO] Total time: 1 minute(s) and 5 second(s)
700#######################################################################################################################################
701Trying "vantec-gl.com"
702Trying "vantec-gl.com"
703;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20509
704;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 5
705
706;; QUESTION SECTION:
707;vantec-gl.com. IN ANY
708
709;; ANSWER SECTION:
710vantec-gl.com. 0 IN TXT "v=spf1 mx:vantec-gl.com ip4:180.211.76.162 ip4:211.8.133.86 ip4:218.45.236.86 ip4:113.157.206.0/26 ip4:210.161.158.0/26 include:spf.protection.outlook.com include:spf.spcloud.jp ~all"
711vantec-gl.com. 0 IN MX 0 vantecgl-com01e.mail.eo.outlook.com.
712vantec-gl.com. 0 IN SOA ns-766.awsdns-31.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
713vantec-gl.com. 0 IN NS ns-766.awsdns-31.net.
714vantec-gl.com. 0 IN NS ns-1360.awsdns-42.org.
715vantec-gl.com. 0 IN NS ns-1648.awsdns-14.co.uk.
716vantec-gl.com. 0 IN NS ns-109.awsdns-13.com.
717
718;; AUTHORITY SECTION:
719vantec-gl.com. 43199 IN NS ns-766.awsdns-31.net.
720vantec-gl.com. 43199 IN NS ns-1648.awsdns-14.co.uk.
721vantec-gl.com. 43199 IN NS ns-1360.awsdns-42.org.
722vantec-gl.com. 43199 IN NS ns-109.awsdns-13.com.
723
724;; ADDITIONAL SECTION:
725ns-109.awsdns-13.com. 5364 IN A 205.251.192.109
726ns-109.awsdns-13.com. 5363 IN AAAA 2600:9000:5300:6d00::1
727ns-1360.awsdns-42.org. 20607 IN A 205.251.197.80
728ns-1360.awsdns-42.org. 7104 IN AAAA 2600:9000:5305:5000::1
729ns-766.awsdns-31.net. 21850 IN A 205.251.194.254
730
731Received 632 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 58 ms
732#######################################################################################################################################
733
734; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace vantec-gl.com any
735;; global options: +cmd
736. 82920 IN NS d.root-servers.net.
737. 82920 IN NS h.root-servers.net.
738. 82920 IN NS k.root-servers.net.
739. 82920 IN NS f.root-servers.net.
740. 82920 IN NS i.root-servers.net.
741. 82920 IN NS l.root-servers.net.
742. 82920 IN NS j.root-servers.net.
743. 82920 IN NS g.root-servers.net.
744. 82920 IN NS c.root-servers.net.
745. 82920 IN NS a.root-servers.net.
746. 82920 IN NS e.root-servers.net.
747. 82920 IN NS b.root-servers.net.
748. 82920 IN NS m.root-servers.net.
749. 82920 IN RRSIG NS 8 0 518400 20200130170000 20200117160000 33853 . PRP9tZ+QyT3Vm2uvm5Z3NL191Dg5LGGRQSU+DVAp06UCTKKN6EIZml/N zOZIB7ocFLseMXqvrIf0z4dXagg2+Lt6gjFfL1FMPfvhfcgje9C2F/Z9 Q0wtr4BCmir/d1cM/8c3pNKdjn7xL641Mp6rNHz8MNn6S6cTXKJlQ7PV rYZoK/qMEU0Eg9mlzCX91cLGwIfeMJKtEpsqaEfGEILu6ut3QXBsoL8n m3LHwdIybp0NBTVINaPVo95xfaHm6Ddt3LVqFsk4xb6hARb24JbjikTo w0H2HuzHGpK9jPY8HSFs5yf2lmNDtMmqlyudstzWz5D2yb9rkj8rpSHU qG0/eA==
750;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 88 ms
751
752com. 172800 IN NS j.gtld-servers.net.
753com. 172800 IN NS e.gtld-servers.net.
754com. 172800 IN NS g.gtld-servers.net.
755com. 172800 IN NS k.gtld-servers.net.
756com. 172800 IN NS l.gtld-servers.net.
757com. 172800 IN NS f.gtld-servers.net.
758com. 172800 IN NS h.gtld-servers.net.
759com. 172800 IN NS m.gtld-servers.net.
760com. 172800 IN NS i.gtld-servers.net.
761com. 172800 IN NS a.gtld-servers.net.
762com. 172800 IN NS c.gtld-servers.net.
763com. 172800 IN NS b.gtld-servers.net.
764com. 172800 IN NS d.gtld-servers.net.
767;; Received 1173 bytes from 2001:7fe::53#53(i.root-servers.net) in 48 ms
768
769vantec-gl.com. 172800 IN NS ns-109.awsdns-13.com.
770vantec-gl.com. 172800 IN NS ns-766.awsdns-31.net.
771vantec-gl.com. 172800 IN NS ns-1648.awsdns-14.co.uk.
772vantec-gl.com. 172800 IN NS ns-1360.awsdns-42.org.
777;; Received 744 bytes from 192.43.172.30#53(i.gtld-servers.net) in 144 ms
778
779vantec-gl.com. 172800 IN NS ns-109.awsdns-13.com.
780vantec-gl.com. 172800 IN NS ns-1360.awsdns-42.org.
781vantec-gl.com. 172800 IN NS ns-1648.awsdns-14.co.uk.
782vantec-gl.com. 172800 IN NS ns-766.awsdns-31.net.
783vantec-gl.com. 900 IN SOA ns-766.awsdns-31.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
784vantec-gl.com. 604800 IN MX 0 vantecgl-com01e.mail.eo.outlook.com.
785vantec-gl.com. 604800 IN TXT "v=spf1 mx:vantec-gl.com ip4:180.211.76.162 ip4:211.8.133.86 ip4:218.45.236.86 ip4:113.157.206.0/26 ip4:210.161.158.0/26 include:spf.protection.outlook.com include:spf.spcloud.jp ~all"
786;; Received 483 bytes from 2600:9000:5300:6d00::1#53(ns-109.awsdns-13.com) in 44 ms
787######################################################################################################################################
788[*] Performing General Enumeration of Domain: vantec-gl.com
789[-] DNSSEC is not configured for vantec-gl.com
790[*] SOA ns-766.awsdns-31.net 205.251.194.254
791[*] NS ns-109.awsdns-13.com 205.251.192.109
792[*] NS ns-109.awsdns-13.com 2600:9000:5300:6d00::1
793[*] NS ns-1360.awsdns-42.org 205.251.197.80
794[*] NS ns-1360.awsdns-42.org 2600:9000:5305:5000::1
795[*] NS ns-1648.awsdns-14.co.uk 205.251.198.112
796[*] NS ns-1648.awsdns-14.co.uk 2600:9000:5306:7000::1
797[*] NS ns-766.awsdns-31.net 205.251.194.254
798[*] NS ns-766.awsdns-31.net 2600:9000:5302:fe00::1
799[*] MX vantecgl-com01e.mail.eo.outlook.com 104.47.92.36
800[*] MX vantecgl-com01e.mail.eo.outlook.com 104.47.93.36
801[*] TXT vantec-gl.com v=spf1 mx:vantec-gl.com ip4:180.211.76.162 ip4:211.8.133.86 ip4:218.45.236.86 ip4:113.157.206.0/26 ip4:210.161.158.0/26 include:spf.protection.outlook.com include:spf.spcloud.jp ~all
802[*] Enumerating SRV Records
803[*] SRV _sip._tls.vantec-gl.com sipdir.online.lync.com 52.112.64.140 443 1
804[*] SRV _sip._tls.vantec-gl.com sipdir.online.lync.com 2603:1037:0:e::f 443 1
805[*] SRV _sipfederationtls._tcp.vantec-gl.com sipfed.online.lync.com 52.112.64.11 5061 1
806[*] SRV _sipfederationtls._tcp.vantec-gl.com sipfed.online.lync.com 2603:1037:0:e::f 5061 1
807[+] 4 Records Found
808#######################################################################################################################################
809[*] Processing domain vantec-gl.com
810[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
811[+] Getting nameservers
812205.251.192.109 - ns-109.awsdns-13.com
813205.251.197.80 - ns-1360.awsdns-42.org
814205.251.198.112 - ns-1648.awsdns-14.co.uk
815205.251.194.254 - ns-766.awsdns-31.net
816[-] Zone transfer failed
817
818[+] TXT records found
819"v=spf1 mx:vantec-gl.com ip4:180.211.76.162 ip4:211.8.133.86 ip4:218.45.236.86 ip4:113.157.206.0/26 ip4:210.161.158.0/26 include:spf.protection.outlook.com include:spf.spcloud.jp ~all"
820
821[+] MX records found, added to target list
8220 vantecgl-com01e.mail.eo.outlook.com.
823
824[*] Scanning vantec-gl.com for A records
82540.97.120.216 - autodiscover.vantec-gl.com
82640.97.121.24 - autodiscover.vantec-gl.com
82740.97.120.232 - autodiscover.vantec-gl.com
82840.97.121.40 - autodiscover.vantec-gl.com
82940.97.120.168 - autodiscover.vantec-gl.com
83040.97.120.56 - autodiscover.vantec-gl.com
83140.97.120.72 - autodiscover.vantec-gl.com
83240.97.120.248 - autodiscover.vantec-gl.com
833104.40.82.191 - enterpriseenrollment.vantec-gl.com
83423.101.163.232 - enterpriseregistration.vantec-gl.com
835113.157.206.3 - gw.vantec-gl.com
836127.0.0.1 - localhost.vantec-gl.com
83752.112.65.78 - lyncdiscover.vantec-gl.com
83840.126.3.32 - msoid.vantec-gl.com
83920.190.131.98 - msoid.vantec-gl.com
84040.126.3.34 - msoid.vantec-gl.com
84140.126.3.97 - msoid.vantec-gl.com
84220.190.131.96 - msoid.vantec-gl.com
84340.126.3.98 - msoid.vantec-gl.com
84440.126.3.99 - msoid.vantec-gl.com
84540.126.3.33 - msoid.vantec-gl.com
846210.161.158.2 - ns2.vantec-gl.com
847113.157.206.2 - ns1.vantec-gl.com
848113.157.206.39 - partner.vantec-gl.com
84952.112.64.140 - sip.vantec-gl.com
85040.108.198.53 - sp.vantec-gl.com
85152.198.68.5 - www.vantec-gl.com
852115.146.61.170 - www2.vantec-gl.com
853#######################################################################################################################################
854Domains still to check: 1
855 Checking if the hostname vantec-gl.com. given is in fact a domain...
856
857Analyzing domain: vantec-gl.com.
858 Checking NameServers using system default resolver...
859 IP: 205.251.192.109 (United States)
860 HostName: ns-109.awsdns-13.com Type: NS
861 HostName: ns-109.awsdns-13.com Type: PTR
862 IP: 205.251.197.80 (United States)
863 HostName: ns-1360.awsdns-42.org Type: NS
864 HostName: ns-1360.awsdns-42.org Type: PTR
865 IP: 205.251.198.112 (United States)
866 HostName: ns-1648.awsdns-14.co.uk Type: NS
867 HostName: ns-1648.awsdns-14.co.uk Type: PTR
868 IP: 205.251.194.254 (United States)
869 HostName: ns-766.awsdns-31.net Type: NS
870 HostName: ns-766.awsdns-31.net Type: PTR
871
872 Checking MailServers using system default resolver...
873 IP: 104.47.92.36 (Japan)
874 HostName: vantecgl-com01e.mail.eo.outlook.com Type: MX
875 HostName: mail-os2jpn010036.inbound.protection.outlook.com Type: PTR
876 IP: 104.47.93.36 (Japan)
877 HostName: vantecgl-com01e.mail.eo.outlook.com Type: MX
878 HostName: mail-ty1jpn010036.inbound.protection.outlook.com Type: PTR
879
880 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
881 No zone transfer found on nameserver 205.251.192.109
882 No zone transfer found on nameserver 205.251.197.80
883 No zone transfer found on nameserver 205.251.198.112
884 No zone transfer found on nameserver 205.251.194.254
885
886 Checking SPF record...
887 New IP found: 180.211.76.162
888 New IP found: 211.8.133.86
889 New IP found: 218.45.236.86
890 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 113.157.206.0/26, but only the network IP
891 New IP found: 113.157.206.0
892 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 210.161.158.0/26, but only the network IP
893 New IP found: 210.161.158.0
894
895 Checking SPF record...
896 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.92.0.0/15, but only the network IP
897 New IP found: 40.92.0.0
898 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.107.0.0/16, but only the network IP
899 New IP found: 40.107.0.0
900 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 52.100.0.0/14, but only the network IP
901 New IP found: 52.100.0.0
902 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 104.47.0.0/17, but only the network IP
903 New IP found: 104.47.0.0
904 There are no IPv4 addresses in the SPF. Maybe IPv6.
905 There are no IPv4 addresses in the SPF. Maybe IPv6.
906
907 Checking SPF record...
908 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 180.211.76.160/27, but only the network IP
909 New IP found: 180.211.76.160
932
933 Checking 192 most common hostnames using system default resolver...
934 IP: 52.198.68.5 (Japan)
935 HostName: www.vantec-gl.com. Type: A
936 IP: 113.157.206.3 (Japan)
937 HostName: gw.vantec-gl.com. Type: A
938 IP: 113.157.206.2 (Japan)
939 HostName: ns1.vantec-gl.com. Type: A
940 IP: 210.161.158.2 (Japan)
941 HostName: ns2.vantec-gl.com. Type: A
942 IP: 115.146.61.170 (Japan)
943 HostName: www2.vantec-gl.com. Type: A
944
945 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
985
986 Searching for vantec-gl.com. emails in Google
987 n-madhusekar.ke@vantec-gl.com
988 n-madhusekar.ke@vantec-gl.com
989 pk-diwakar.az@vantec-gl.com
990 nohara.nf@vantec-gl.com
991 info@vantec-gl.com)
992 webmaster_vws@vantec-gl.com
993 INFO_vnl@vantec-gl.com
994 first@vantec-gl.com
995 madhusekar.ke@vantec-gl.com
996 n-madhusekar.ke@vantec-gl.com.
997
998 Checking 43 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1042
1043 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1044 Scanning ip 52.100.0.0 ():
1045 Scanning ip 54.95.33.202 ():
1046 Scanning ip 52.197.41.197 ():
1047 Scanning ip 54.65.167.98 ():
1048 Scanning ip 13.78.13.196 ():
1049 Scanning ip 104.215.4.137 ():
1050 Scanning ip 52.199.1.239 ():
1051 Scanning ip 113.157.206.3 (gw.vantec-gl.com.):
1052 Scanning ip 13.114.92.136 ():
1053 465/tcp open ssl/smtp syn-ack ttl 36 Postfix smtpd
1054 |_smtp-commands: mxzkz.spcloud.jp, PIPELINING, SIZE 36700160, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1055 | ssl-cert: Subject: commonName=*.spcloud.jp
1056 | Subject Alternative Name: DNS:*.spcloud.jp, DNS:spcloud.jp
1057 | Issuer: commonName=FujiSSL Public Certification Authority - G1/organizationName=Nijimo, Inc./countryName=JP
1058 | Public Key type: rsa
1059 | Public Key bits: 2048
1060 | Signature Algorithm: sha256WithRSAEncryption
1061 | Not valid before: 2018-03-05T07:10:17
1062 | Not valid after: 2019-03-05T23:59:00
1063 | MD5: 2bc0 0c2e ee29 cd89 7758 c756 e48c eae1
1064 |_SHA-1: 911b 8c9c 8445 9cc1 504f ccf4 896f 70a8 a74a 5341
1065 |_ssl-date: 2020-01-17T20:23:03+00:00; -5s from scanner time.
1066 OS Info: Service Info: Host: mxzkz.spcloud.jp
1067 |_clock-skew: -5s
1068 Scanning ip 54.65.163.216 ():
1069 Scanning ip 113.157.206.0 ():
1070 Scanning ip 180.211.76.162 ():
1071 443/tcp open ssl/http syn-ack ttl 41 Apache httpd 2.2.15
1072 | http-cookie-flags:
1073 | /:
1074 | JSESSIONID:
1075 |_ httponly flag not set
1076 |_http-favicon: Unknown favicon MD5: 42F6D057DA4BFB7CD5A76ECEE7CAFF0C
1077 | http-methods:
1078 |_ Supported Methods: GET HEAD POST OPTIONS
1079 | http-robots.txt: 1 disallowed entry
1080 |_/
1081 |_http-title: Site doesn't have a title (text/html;charset=UTF-8).
1082 | ssl-cert: Subject: commonName=*.spcloud.jp
1083 | Subject Alternative Name: DNS:*.spcloud.jp, DNS:spcloud.jp
1084 | Issuer: commonName=FujiSSL Public Validation Authority - G3/organizationName=SECOM Trust Systems CO.,LTD./countryName=JP
1085 | Public Key type: rsa
1086 | Public Key bits: 2048
1087 | Signature Algorithm: sha256WithRSAEncryption
1088 | Not valid before: 2019-02-06T05:30:37
1089 | Not valid after: 2020-03-06T14:59:59
1090 | MD5: 2c1c 04c1 1ab8 8899 5e9d b4e6 6ea0 db09
1091 |_SHA-1: 49ab f325 29b2 c5d4 acc4 5b5f 8bb6 4524 5bad ba4a
1092 |_ssl-date: 2020-01-17T20:24:45+00:00; -4s from scanner time.
1093 | vulners:
1094 | cpe:/a:apache:http_server:2.2.15:
1095 | CVE-2011-3192 7.8 https://vulners.com/cve/CVE-2011-3192
1096 | CVE-2017-7679 7.5 https://vulners.com/cve/CVE-2017-7679
1097 | CVE-2017-7668 7.5 https://vulners.com/cve/CVE-2017-7668
1098 | CVE-2017-3169 7.5 https://vulners.com/cve/CVE-2017-3169
1099 | CVE-2017-3167 7.5 https://vulners.com/cve/CVE-2017-3167
1100 | CVE-2013-2249 7.5 https://vulners.com/cve/CVE-2013-2249
1101 | CVE-2012-0883 6.9 https://vulners.com/cve/CVE-2012-0883
1102 | CVE-2018-1312 6.8 https://vulners.com/cve/CVE-2018-1312
1103 | CVE-2017-12171 6.4 https://vulners.com/cve/CVE-2017-12171
1104 | CVE-2013-1862 5.1 https://vulners.com/cve/CVE-2013-1862
1105 | CVE-2014-0231 5.0 https://vulners.com/cve/CVE-2014-0231
1106 | CVE-2014-0098 5.0 https://vulners.com/cve/CVE-2014-0098
1107 | CVE-2013-6438 5.0 https://vulners.com/cve/CVE-2013-6438
1108 | CVE-2012-4557 5.0 https://vulners.com/cve/CVE-2012-4557
1109 | CVE-2011-3368 5.0 https://vulners.com/cve/CVE-2011-3368
1110 | CVE-2010-2068 5.0 https://vulners.com/cve/CVE-2010-2068
1111 | CVE-2010-1452 5.0 https://vulners.com/cve/CVE-2010-1452
1112 | CVE-2012-0031 4.6 https://vulners.com/cve/CVE-2012-0031
1113 | CVE-2011-3607 4.4 https://vulners.com/cve/CVE-2011-3607
1114 | CVE-2016-4975 4.3 https://vulners.com/cve/CVE-2016-4975
1115 | CVE-2013-1896 4.3 https://vulners.com/cve/CVE-2013-1896
1116 | CVE-2012-4558 4.3 https://vulners.com/cve/CVE-2012-4558
1117 | CVE-2012-3499 4.3 https://vulners.com/cve/CVE-2012-3499
1118 | CVE-2012-0053 4.3 https://vulners.com/cve/CVE-2012-0053
1119 | CVE-2011-4317 4.3 https://vulners.com/cve/CVE-2011-4317
1120 | CVE-2011-3639 4.3 https://vulners.com/cve/CVE-2011-3639
1121 | CVE-2011-3348 4.3 https://vulners.com/cve/CVE-2011-3348
1122 | CVE-2011-0419 4.3 https://vulners.com/cve/CVE-2011-0419
1123 | CVE-2016-8612 3.3 https://vulners.com/cve/CVE-2016-8612
1124 | CVE-2012-2687 2.6 https://vulners.com/cve/CVE-2012-2687
1125 |_ CVE-2011-4415 1.2 https://vulners.com/cve/CVE-2011-4415
1126 465/tcp open ssl/smtps? syn-ack ttl 41
1127 |_smtp-commands: Couldn't establish connection on port 465
1128 |_ssl-date: TLS randomness does not represent time
1129 587/tcp open smtp syn-ack ttl 41 Postfix smtpd
1130 |_smtp-commands: mail.spcloud.jp, STARTTLS,
1131 |_ssl-date: 2020-01-17T20:24:46+00:00; -4s from scanner time.
1132 993/tcp open ssl/imaps? syn-ack ttl 42
1133 |_ssl-date: 2020-01-17T20:24:45+00:00; -4s from scanner time.
1134 995/tcp open ssl/pop3s? syn-ack ttl 42
1135 |_ssl-date: 2020-01-17T20:24:45+00:00; -4s from scanner time.
1136 OS Info: Service Info: Host: mail.spcloud.jp
1137 |_clock-skew: mean: -4s, deviation: 0s, median: -4s
1138 Scanning ip 13.78.38.217 ():
1139 443/tcp open ssl/http syn-ack ttl 50 nginx
1140 |_http-server-header: nginx/1.0.15
1141 |_http-title: 400 The plain HTTP request was sent to HTTPS port
1142 | ssl-cert: Subject: commonName=*.manage.spcloud.jp
1143 | Subject Alternative Name: DNS:*.manage.spcloud.jp
1144 | Issuer: commonName=FujiSSL Public Validation Authority - G3/organizationName=SECOM Trust Systems CO.,LTD./countryName=JP
1145 | Public Key type: rsa
1146 | Public Key bits: 2048
1147 | Signature Algorithm: sha256WithRSAEncryption
1148 | Not valid before: 2019-02-06T05:33:27
1149 | Not valid after: 2020-03-06T14:59:59
1150 | MD5: 800b cba8 41c7 b09b c9cc 35a8 dae0 2373
1151 |_SHA-1: b5b7 70d2 9e69 5f3a fb11 cd76 2f9a 1c0e ad63 91eb
1152 |_ssl-date: 2020-01-17T20:28:38+00:00; -4s from scanner time.
1153 Device type: general purpose|firewall|storage-misc
1154 Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (86%), Synology DiskStation Manager 5.X (85%)
1155 |_clock-skew: -4s
1156 Scanning ip 180.211.76.160 ():
1157 Scanning ip 218.45.236.86 ():
1158 Scanning ip 205.251.192.109 (ns-109.awsdns-13.com (PTR)):
1159 53/tcp open tcpwrapped syn-ack ttl 240
1160 Scanning ip 3.113.175.53 ():
1161 Scanning ip 13.115.57.8 ():
1162 465/tcp open ssl/smtp syn-ack ttl 34 Postfix smtpd
1163 |_smtp-commands: mxzkb.spcloud.jp, PIPELINING, SIZE 36700160, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1164 | ssl-cert: Subject: commonName=*.spcloud.jp
1165 | Subject Alternative Name: DNS:*.spcloud.jp, DNS:spcloud.jp
1166 | Issuer: commonName=FujiSSL Public Validation Authority - G3/organizationName=SECOM Trust Systems CO.,LTD./countryName=JP
1167 | Public Key type: rsa
1168 | Public Key bits: 2048
1169 | Signature Algorithm: sha256WithRSAEncryption
1170 | Not valid before: 2019-02-06T05:30:37
1171 | Not valid after: 2020-03-06T14:59:59
1172 | MD5: 2c1c 04c1 1ab8 8899 5e9d b4e6 6ea0 db09
1173 |_SHA-1: 49ab f325 29b2 c5d4 acc4 5b5f 8bb6 4524 5bad ba4a
1174 |_ssl-date: 2020-01-17T20:30:10+00:00; -4s from scanner time.
1175 OS Info: Service Info: Host: mxzkb.spcloud.jp
1176 |_clock-skew: -4s
1177 Scanning ip 113.157.206.2 (ns1.vantec-gl.com.):
1178 Scanning ip 13.114.77.112 ():
1179 Scanning ip 104.47.92.36 (mail-os2jpn010036.inbound.protection.outlook.com (PTR)):
1180 Scanning ip 211.8.133.86 ():
1181 Scanning ip 54.65.87.63 ():
1182 Scanning ip 52.199.8.184 ():
1183 Scanning ip 3.114.230.207 ():
1184 Scanning ip 18.182.115.6 ():
1185 Scanning ip 205.251.197.80 (ns-1360.awsdns-42.org (PTR)):
1186 53/tcp open tcpwrapped syn-ack ttl 245
1187 Scanning ip 52.198.68.5 (www.vantec-gl.com.):
1188 80/tcp open http syn-ack ttl 36 Apache httpd
1189 | http-auth:
1190 | HTTP/1.1 401 Unauthorized\x0D
1191 |_ Basic realm=Please enter your ID and password
1192 |_http-server-header: Apache
1193 |_http-title: 401 Unauthorized
1194 443/tcp open ssl/http syn-ack ttl 34 Apache httpd
1195 |_http-favicon: Unknown favicon MD5: D69AE595555C56F8FF2AD62550BBB526
1196 | http-methods:
1197 |_ Supported Methods: GET HEAD POST OPTIONS
1198 |_http-server-header: Apache
1199 | ssl-cert: Subject: commonName=www.vantec-gl.com/organizationName=VANTEC CORPORATION/stateOrProvinceName=Kanagawa/countryName=JP
1200 | Subject Alternative Name: DNS:www.vantec-gl.com, DNS:vantec-gl.com
1201 | Issuer: commonName=GlobalSign RSA OV SSL CA 2018/organizationName=GlobalSign nv-sa/countryName=BE
1202 | Public Key type: rsa
1203 | Public Key bits: 2048
1204 | Signature Algorithm: sha256WithRSAEncryption
1205 | Not valid before: 2019-11-06T07:06:11
1206 | Not valid after: 2020-12-18T23:59:59
1207 | MD5: e3a0 67be 929e 7497 ebea 070a 2db0 30e1
1208 |_SHA-1: 7523 2fcf 0b64 dcee 6db8 636a 59b5 7219 7b98 c7ae
1209 |_ssl-date: 2020-01-17T20:32:24+00:00; -4s from scanner time.
1210 Running (JUST GUESSING): Linux 2.6.X|4.X (91%)
1211 |_clock-skew: -4s
1212 Scanning ip 52.192.253.4 ():
1213 Scanning ip 13.114.245.121 ():
1214 465/tcp open ssl/smtp syn-ack ttl 35 Postfix smtpd
1215 |_smtp-commands: Couldn't establish connection on port 465
1216 | ssl-cert: Subject: commonName=*.spcloud.jp
1217 | Subject Alternative Name: DNS:*.spcloud.jp, DNS:spcloud.jp
1218 | Issuer: commonName=FujiSSL Public Validation Authority - G3/organizationName=SECOM Trust Systems CO.,LTD./countryName=JP
1219 | Public Key type: rsa
1220 | Public Key bits: 2048
1221 | Signature Algorithm: sha256WithRSAEncryption
1222 | Not valid before: 2019-02-06T05:30:37
1223 | Not valid after: 2020-03-06T14:59:59
1224 | MD5: 2c1c 04c1 1ab8 8899 5e9d b4e6 6ea0 db09
1225 |_SHA-1: 49ab f325 29b2 c5d4 acc4 5b5f 8bb6 4524 5bad ba4a
1226 |_ssl-date: 2020-01-17T20:33:27+00:00; -4s from scanner time.
1227 OS Info: Service Info: Host: mxzka.spcloud.jp
1228 |_clock-skew: -4s
1229 Scanning ip 54.249.116.108 ():
1230 Scanning ip 54.65.117.71 ():
1231 Scanning ip 205.251.198.112 (ns-1648.awsdns-14.co.uk (PTR)):
1232 53/tcp open tcpwrapped syn-ack ttl 245
1233 Device type: storage-misc|PBX
1234 Scanning ip 40.107.0.0 ():
1235 Scanning ip 205.251.194.254 (ns-766.awsdns-31.net (PTR)):
1236 53/tcp open tcpwrapped syn-ack ttl 245
1237 Scanning ip 40.92.0.0 ():
1238 Scanning ip 210.161.158.2 (ns2.vantec-gl.com.):
1239 Scanning ip 210.161.158.0 ():
1240 Scanning ip 104.47.93.36 (mail-ty1jpn010036.inbound.protection.outlook.com (PTR)):
1241 Scanning ip 104.47.0.0 ():
1242 Scanning ip 115.146.61.170 (www2.vantec-gl.com.):
1243 21/tcp open ftp syn-ack ttl 52 ProFTPD or KnFTPD
1244 80/tcp open ssl/http syn-ack ttl 52 Apache httpd
1245 | http-methods:
1246 |_ Supported Methods: GET HEAD OPTIONS
1247 |_http-server-header: Apache
1248 |_http-title: 403 Forbidden
1249 | ssl-cert: Subject: commonName=*.secure.ne.jp
1250 | Subject Alternative Name: DNS:*.secure.ne.jp, DNS:secure.ne.jp
1251 | Issuer: commonName=GeoTrust RSA CA 2018/organizationName=DigiCert Inc/countryName=US
1252 | Public Key type: rsa
1253 | Public Key bits: 2048
1254 | Signature Algorithm: sha256WithRSAEncryption
1255 | Not valid before: 2019-06-07T00:00:00
1256 | Not valid after: 2021-08-05T12:00:00
1257 | MD5: 4ce2 a7d5 634f f281 e2cb cf04 4b68 7c1d
1258 |_SHA-1: 681a 2477 37db 2838 04f1 8e2f ec33 26f6 1454 52e8
1259 |_ssl-date: TLS randomness does not represent time
1260 110/tcp open pop3 syn-ack ttl 52 qmail pop3d
1261 143/tcp open imap syn-ack ttl 52 Courier Imapd (released 2005)
1262 |_ssl-date: 2020-01-17T20:36:47+00:00; -4s from scanner time.
1263 443/tcp open ssl/http syn-ack ttl 51 Apache httpd
1264 | http-methods:
1265 |_ Supported Methods: GET HEAD OPTIONS
1266 |_http-server-header: Apache
1267 |_http-title: 403 Forbidden
1268 | ssl-cert: Subject: commonName=*.secure.ne.jp
1269 | Subject Alternative Name: DNS:*.secure.ne.jp, DNS:secure.ne.jp
1270 | Issuer: commonName=GeoTrust RSA CA 2018/organizationName=DigiCert Inc/countryName=US
1271 | Public Key type: rsa
1272 | Public Key bits: 2048
1273 | Signature Algorithm: sha256WithRSAEncryption
1274 | Not valid before: 2019-06-07T00:00:00
1275 | Not valid after: 2021-08-05T12:00:00
1276 | MD5: 4ce2 a7d5 634f f281 e2cb cf04 4b68 7c1d
1277 |_SHA-1: 681a 2477 37db 2838 04f1 8e2f ec33 26f6 1454 52e8
1278 |_ssl-date: TLS randomness does not represent time
1279 465/tcp open ssl/smtps? syn-ack ttl 51
1280 |_smtp-commands: Couldn't establish connection on port 465
1281 |_ssl-date: 2020-01-17T20:36:46+00:00; -4s from scanner time.
1282 587/tcp open smtp syn-ack ttl 52 Access Remote PC smtpd
1283 | smtp-commands: x166.secure.ne.jp, AUTH LOGIN CRAM-MD5 PLAIN, AUTH=LOGIN CRAM-MD5 PLAIN, PIPELINING, 8BITMIME,
1284 |_ qmail home page: http://pobox.com/~djb/qmail.html
1285 993/tcp open ssl/imaps? syn-ack ttl 52
1286 |_ssl-date: 2020-01-17T20:36:46+00:00; -4s from scanner time.
1287 995/tcp open ssl/pop3s? syn-ack ttl 52
1288 |_ssl-date: 2020-01-17T20:36:47+00:00; -4s from scanner time.
1289 8080/tcp open ssl/http syn-ack ttl 51 Apache httpd
1290 | http-methods:
1291 |_ Supported Methods: GET HEAD OPTIONS
1292 |_http-server-header: Apache
1293 |_http-title: 403 Forbidden
1294 | ssl-cert: Subject: commonName=*.secure.ne.jp
1295 | Subject Alternative Name: DNS:*.secure.ne.jp, DNS:secure.ne.jp
1296 | Issuer: commonName=GeoTrust RSA CA 2018/organizationName=DigiCert Inc/countryName=US
1297 | Public Key type: rsa
1298 | Public Key bits: 2048
1299 | Signature Algorithm: sha256WithRSAEncryption
1300 | Not valid before: 2019-06-07T00:00:00
1301 | Not valid after: 2021-08-05T12:00:00
1302 | MD5: 4ce2 a7d5 634f f281 e2cb cf04 4b68 7c1d
1303 |_SHA-1: 681a 2477 37db 2838 04f1 8e2f ec33 26f6 1454 52e8
1304 |_ssl-date: TLS randomness does not represent time
1305 Device type: general purpose|WAP|firewall|specialized
1306 Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%), FreeBSD 10.X|6.X (85%), VMware ESXi 4.X (85%)
1307 OS Info: Service Info: Host: x166.secure.ne.jp; OSs: Unix, Windows; CPE: cpe:/o:microsoft:windows
1308 |_clock-skew: mean: -4s, deviation: 0s, median: -4s
1309 Scanning ip 52.192.182.69 ():
1310 Scanning ip 54.249.45.48 ():
1311 WebCrawling domain's web servers... up to 50 max links.
1312
1313 + URL to crawl: http://www.vantec-gl.com.
1314 + Date: 2020-01-17
1315
1316 + Crawling URL: http://www.vantec-gl.com.:
1317 + Links:
1318 + Crawling http://www.vantec-gl.com.
1319 + Searching for directories...
1320 + Searching open folders...
1321
1322
1323 + URL to crawl: https://www.vantec-gl.com.
1324 + Date: 2020-01-17
1325
1326 + Crawling URL: https://www.vantec-gl.com.:
1327 + Links:
1328 + Crawling https://www.vantec-gl.com.
1329 + Searching for directories...
1330 + Searching open folders...
1331
1332
1333 + URL to crawl: https://www2.vantec-gl.com.:80
1334 + Date: 2020-01-17
1335
1336 + Crawling URL: https://www2.vantec-gl.com.:80:
1337 + Links:
1338 + Crawling https://www2.vantec-gl.com.:80
1339 + Searching for directories...
1340 + Searching open folders...
1341
1342
1343 + URL to crawl: https://www2.vantec-gl.com.
1344 + Date: 2020-01-17
1345
1346 + Crawling URL: https://www2.vantec-gl.com.:
1347 + Links:
1348 + Crawling https://www2.vantec-gl.com.
1349 + Searching for directories...
1350 + Searching open folders...
1351
1352
1353 + URL to crawl: https://www2.vantec-gl.com.:8080
1354 + Date: 2020-01-17
1355
1356 + Crawling URL: https://www2.vantec-gl.com.:8080:
1357 + Links:
1358 + Crawling https://www2.vantec-gl.com.:8080
1359 + Searching for directories...
1360 + Searching open folders...
1361
1362--Finished--
1363Summary information for domain vantec-gl.com.
1364-----------------------------------------
1365 Domain Specific Information:
1366 Email: n-madhusekar.ke@vantec-gl.com
1367 Email: n-madhusekar.ke@vantec-gl.com
1368 Email: pk-diwakar.az@vantec-gl.com
1369 Email: nohara.nf@vantec-gl.com
1370 Email: info@vantec-gl.com)
1371 Email: webmaster_vws@vantec-gl.com
1372 Email: INFO_vnl@vantec-gl.com
1373 Email: first@vantec-gl.com
1374 Email: madhusekar.ke@vantec-gl.com
1375 Email: n-madhusekar.ke@vantec-gl.com.
1376
1377 Domain Ips Information:
1378 IP: 52.100.0.0
1379 Type: SPF
1380 Is Active: True (reset ttl 64)
1381 IP: 54.95.33.202
1382 Type: SPF
1383 Is Active: True (reset ttl 64)
1384 IP: 52.197.41.197
1385 Type: SPF
1386 Is Active: True (reset ttl 64)
1387 IP: 54.65.167.98
1388 Type: SPF
1389 Is Active: True (reset ttl 64)
1390 IP: 13.78.13.196
1391 Type: SPF
1392 Is Active: True (reset ttl 64)
1393 IP: 104.215.4.137
1394 Type: SPF
1395 Is Active: True (reset ttl 64)
1396 IP: 52.199.1.239
1397 Type: SPF
1398 Is Active: True (reset ttl 64)
1399 IP: 113.157.206.3
1400 HostName: gw.vantec-gl.com. Type: A
1401 Country: Japan
1402 Is Active: True (reset ttl 64)
1403 IP: 13.114.92.136
1404 Type: SPF
1405 Is Active: True (reset ttl 64)
1406 Port: 465/tcp open ssl/smtp syn-ack ttl 36 Postfix smtpd
1407 Script Info: |_smtp-commands: mxzkz.spcloud.jp, PIPELINING, SIZE 36700160, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1408 Script Info: | ssl-cert: Subject: commonName=*.spcloud.jp
1409 Script Info: | Subject Alternative Name: DNS:*.spcloud.jp, DNS:spcloud.jp
1410 Script Info: | Issuer: commonName=FujiSSL Public Certification Authority - G1/organizationName=Nijimo, Inc./countryName=JP
1411 Script Info: | Public Key type: rsa
1412 Script Info: | Public Key bits: 2048
1413 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1414 Script Info: | Not valid before: 2018-03-05T07:10:17
1415 Script Info: | Not valid after: 2019-03-05T23:59:00
1416 Script Info: | MD5: 2bc0 0c2e ee29 cd89 7758 c756 e48c eae1
1417 Script Info: |_SHA-1: 911b 8c9c 8445 9cc1 504f ccf4 896f 70a8 a74a 5341
1418 Script Info: |_ssl-date: 2020-01-17T20:23:03+00:00; -5s from scanner time.
1419 Os Info: Host: mxzkz.spcloud.jp
1420 Script Info: |_clock-skew: -5s
1421 IP: 54.65.163.216
1422 Type: SPF
1423 Is Active: True (reset ttl 64)
1424 IP: 113.157.206.0
1425 Type: SPF
1426 Is Active: True (reset ttl 64)
1427 IP: 180.211.76.162
1428 Type: SPF
1429 Is Active: True (reset ttl 64)
1430 Port: 443/tcp open ssl/http syn-ack ttl 41 Apache httpd 2.2.15
1431 Script Info: | http-cookie-flags:
1432 Script Info: | /:
1433 Script Info: | JSESSIONID:
1434 Script Info: |_ httponly flag not set
1435 Script Info: |_http-favicon: Unknown favicon MD5: 42F6D057DA4BFB7CD5A76ECEE7CAFF0C
1436 Script Info: | http-methods:
1437 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1438 Script Info: | http-robots.txt: 1 disallowed entry
1439 Script Info: |_/
1440 Script Info: |_http-title: Site doesn't have a title (text/html;charset=UTF-8).
1441 Script Info: | ssl-cert: Subject: commonName=*.spcloud.jp
1442 Script Info: | Subject Alternative Name: DNS:*.spcloud.jp, DNS:spcloud.jp
1443 Script Info: | Issuer: commonName=FujiSSL Public Validation Authority - G3/organizationName=SECOM Trust Systems CO.,LTD./countryName=JP
1444 Script Info: | Public Key type: rsa
1445 Script Info: | Public Key bits: 2048
1446 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1447 Script Info: | Not valid before: 2019-02-06T05:30:37
1448 Script Info: | Not valid after: 2020-03-06T14:59:59
1449 Script Info: | MD5: 2c1c 04c1 1ab8 8899 5e9d b4e6 6ea0 db09
1450 Script Info: |_SHA-1: 49ab f325 29b2 c5d4 acc4 5b5f 8bb6 4524 5bad ba4a
1451 Script Info: |_ssl-date: 2020-01-17T20:24:45+00:00; -4s from scanner time.
1452 Script Info: | vulners:
1453 Script Info: | cpe:/a:apache:http_server:2.2.15:
1454 Script Info: | CVE-2011-3192 7.8 https://vulners.com/cve/CVE-2011-3192
1455 Script Info: | CVE-2017-7679 7.5 https://vulners.com/cve/CVE-2017-7679
1456 Script Info: | CVE-2017-7668 7.5 https://vulners.com/cve/CVE-2017-7668
1457 Script Info: | CVE-2017-3169 7.5 https://vulners.com/cve/CVE-2017-3169
1458 Script Info: | CVE-2017-3167 7.5 https://vulners.com/cve/CVE-2017-3167
1459 Script Info: | CVE-2013-2249 7.5 https://vulners.com/cve/CVE-2013-2249
1460 Script Info: | CVE-2012-0883 6.9 https://vulners.com/cve/CVE-2012-0883
1461 Script Info: | CVE-2018-1312 6.8 https://vulners.com/cve/CVE-2018-1312
1462 Script Info: | CVE-2017-12171 6.4 https://vulners.com/cve/CVE-2017-12171
1463 Script Info: | CVE-2013-1862 5.1 https://vulners.com/cve/CVE-2013-1862
1464 Script Info: | CVE-2014-0231 5.0 https://vulners.com/cve/CVE-2014-0231
1465 Script Info: | CVE-2014-0098 5.0 https://vulners.com/cve/CVE-2014-0098
1466 Script Info: | CVE-2013-6438 5.0 https://vulners.com/cve/CVE-2013-6438
1467 Script Info: | CVE-2012-4557 5.0 https://vulners.com/cve/CVE-2012-4557
1468 Script Info: | CVE-2011-3368 5.0 https://vulners.com/cve/CVE-2011-3368
1469 Script Info: | CVE-2010-2068 5.0 https://vulners.com/cve/CVE-2010-2068
1470 Script Info: | CVE-2010-1452 5.0 https://vulners.com/cve/CVE-2010-1452
1471 Script Info: | CVE-2012-0031 4.6 https://vulners.com/cve/CVE-2012-0031
1472 Script Info: | CVE-2011-3607 4.4 https://vulners.com/cve/CVE-2011-3607
1473 Script Info: | CVE-2016-4975 4.3 https://vulners.com/cve/CVE-2016-4975
1474 Script Info: | CVE-2013-1896 4.3 https://vulners.com/cve/CVE-2013-1896
1475 Script Info: | CVE-2012-4558 4.3 https://vulners.com/cve/CVE-2012-4558
1476 Script Info: | CVE-2012-3499 4.3 https://vulners.com/cve/CVE-2012-3499
1477 Script Info: | CVE-2012-0053 4.3 https://vulners.com/cve/CVE-2012-0053
1478 Script Info: | CVE-2011-4317 4.3 https://vulners.com/cve/CVE-2011-4317
1479 Script Info: | CVE-2011-3639 4.3 https://vulners.com/cve/CVE-2011-3639
1480 Script Info: | CVE-2011-3348 4.3 https://vulners.com/cve/CVE-2011-3348
1481 Script Info: | CVE-2011-0419 4.3 https://vulners.com/cve/CVE-2011-0419
1482 Script Info: | CVE-2016-8612 3.3 https://vulners.com/cve/CVE-2016-8612
1483 Script Info: | CVE-2012-2687 2.6 https://vulners.com/cve/CVE-2012-2687
1484 Script Info: |_ CVE-2011-4415 1.2 https://vulners.com/cve/CVE-2011-4415
1485 Port: 465/tcp open ssl/smtps? syn-ack ttl 41
1486 Script Info: |_smtp-commands: Couldn't establish connection on port 465
1487 Script Info: |_ssl-date: TLS randomness does not represent time
1488 Port: 587/tcp open smtp syn-ack ttl 41 Postfix smtpd
1489 Script Info: |_smtp-commands: mail.spcloud.jp, STARTTLS,
1490 Script Info: |_ssl-date: 2020-01-17T20:24:46+00:00; -4s from scanner time.
1491 Port: 993/tcp open ssl/imaps? syn-ack ttl 42
1492 Script Info: |_ssl-date: 2020-01-17T20:24:45+00:00; -4s from scanner time.
1493 Port: 995/tcp open ssl/pop3s? syn-ack ttl 42
1494 Script Info: |_ssl-date: 2020-01-17T20:24:45+00:00; -4s from scanner time.
1495 Os Info: Host: mail.spcloud.jp
1496 Script Info: |_clock-skew: mean: -4s, deviation: 0s, median: -4s
1497 IP: 13.78.38.217
1498 Type: SPF
1499 Is Active: True (reset ttl 64)
1500 Port: 443/tcp open ssl/http syn-ack ttl 50 nginx
1501 Script Info: |_http-server-header: nginx/1.0.15
1502 Script Info: |_http-title: 400 The plain HTTP request was sent to HTTPS port
1503 Script Info: | ssl-cert: Subject: commonName=*.manage.spcloud.jp
1504 Script Info: | Subject Alternative Name: DNS:*.manage.spcloud.jp
1505 Script Info: | Issuer: commonName=FujiSSL Public Validation Authority - G3/organizationName=SECOM Trust Systems CO.,LTD./countryName=JP
1506 Script Info: | Public Key type: rsa
1507 Script Info: | Public Key bits: 2048
1508 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1509 Script Info: | Not valid before: 2019-02-06T05:33:27
1510 Script Info: | Not valid after: 2020-03-06T14:59:59
1511 Script Info: | MD5: 800b cba8 41c7 b09b c9cc 35a8 dae0 2373
1512 Script Info: |_SHA-1: b5b7 70d2 9e69 5f3a fb11 cd76 2f9a 1c0e ad63 91eb
1513 Script Info: |_ssl-date: 2020-01-17T20:28:38+00:00; -4s from scanner time.
1514 Script Info: Device type: general purpose|firewall|storage-misc
1515 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (91%), WatchGuard Fireware 11.X (86%), Synology DiskStation Manager 5.X (85%)
1516 Script Info: |_clock-skew: -4s
1517 IP: 180.211.76.160
1518 Type: SPF
1519 Is Active: True (reset ttl 64)
1520 IP: 218.45.236.86
1521 Type: SPF
1522 Is Active: True (reset ttl 64)
1523 IP: 205.251.192.109
1524 HostName: ns-109.awsdns-13.com Type: NS
1525 HostName: ns-109.awsdns-13.com Type: PTR
1526 Country: United States
1527 Is Active: True (echo-reply ttl 240)
1528 Port: 53/tcp open tcpwrapped syn-ack ttl 240
1529 IP: 3.113.175.53
1530 Type: SPF
1531 Is Active: True (reset ttl 64)
1532 IP: 13.115.57.8
1533 Type: SPF
1534 Is Active: True (reset ttl 64)
1535 Port: 465/tcp open ssl/smtp syn-ack ttl 34 Postfix smtpd
1536 Script Info: |_smtp-commands: mxzkb.spcloud.jp, PIPELINING, SIZE 36700160, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1537 Script Info: | ssl-cert: Subject: commonName=*.spcloud.jp
1538 Script Info: | Subject Alternative Name: DNS:*.spcloud.jp, DNS:spcloud.jp
1539 Script Info: | Issuer: commonName=FujiSSL Public Validation Authority - G3/organizationName=SECOM Trust Systems CO.,LTD./countryName=JP
1540 Script Info: | Public Key type: rsa
1541 Script Info: | Public Key bits: 2048
1542 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1543 Script Info: | Not valid before: 2019-02-06T05:30:37
1544 Script Info: | Not valid after: 2020-03-06T14:59:59
1545 Script Info: | MD5: 2c1c 04c1 1ab8 8899 5e9d b4e6 6ea0 db09
1546 Script Info: |_SHA-1: 49ab f325 29b2 c5d4 acc4 5b5f 8bb6 4524 5bad ba4a
1547 Script Info: |_ssl-date: 2020-01-17T20:30:10+00:00; -4s from scanner time.
1548 Os Info: Host: mxzkb.spcloud.jp
1549 Script Info: |_clock-skew: -4s
1550 IP: 113.157.206.2
1551 HostName: ns1.vantec-gl.com. Type: A
1552 Country: Japan
1553 Is Active: True (reset ttl 64)
1554 IP: 13.114.77.112
1555 Type: SPF
1556 Is Active: True (reset ttl 64)
1557 IP: 104.47.92.36
1558 HostName: vantecgl-com01e.mail.eo.outlook.com Type: MX
1559 HostName: mail-os2jpn010036.inbound.protection.outlook.com Type: PTR
1560 Country: Japan
1561 Is Active: True (reset ttl 64)
1562 IP: 211.8.133.86
1563 Type: SPF
1564 Is Active: True (reset ttl 64)
1565 IP: 54.65.87.63
1566 Type: SPF
1567 Is Active: True (reset ttl 64)
1568 IP: 52.199.8.184
1569 Type: SPF
1570 Is Active: True (reset ttl 64)
1571 IP: 3.114.230.207
1572 Type: SPF
1573 Is Active: True (reset ttl 64)
1574 IP: 18.182.115.6
1575 Type: SPF
1576 Is Active: True (reset ttl 64)
1577 IP: 205.251.197.80
1578 HostName: ns-1360.awsdns-42.org Type: NS
1579 HostName: ns-1360.awsdns-42.org Type: PTR
1580 Country: United States
1581 Is Active: True (echo-reply ttl 245)
1582 Port: 53/tcp open tcpwrapped syn-ack ttl 245
1583 IP: 52.198.68.5
1584 HostName: www.vantec-gl.com. Type: A
1585 Country: Japan
1586 Is Active: True (reset ttl 64)
1587 Port: 80/tcp open http syn-ack ttl 36 Apache httpd
1588 Script Info: | http-auth:
1589 Script Info: | HTTP/1.1 401 Unauthorized\x0D
1590 Script Info: |_ Basic realm=Please enter your ID and password
1591 Script Info: |_http-server-header: Apache
1592 Script Info: |_http-title: 401 Unauthorized
1593 Port: 443/tcp open ssl/http syn-ack ttl 34 Apache httpd
1594 Script Info: |_http-favicon: Unknown favicon MD5: D69AE595555C56F8FF2AD62550BBB526
1595 Script Info: | http-methods:
1596 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1597 Script Info: |_http-server-header: Apache
1598 Script Info: | ssl-cert: Subject: commonName=www.vantec-gl.com/organizationName=VANTEC CORPORATION/stateOrProvinceName=Kanagawa/countryName=JP
1599 Script Info: | Subject Alternative Name: DNS:www.vantec-gl.com, DNS:vantec-gl.com
1600 Script Info: | Issuer: commonName=GlobalSign RSA OV SSL CA 2018/organizationName=GlobalSign nv-sa/countryName=BE
1601 Script Info: | Public Key type: rsa
1602 Script Info: | Public Key bits: 2048
1603 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1604 Script Info: | Not valid before: 2019-11-06T07:06:11
1605 Script Info: | Not valid after: 2020-12-18T23:59:59
1606 Script Info: | MD5: e3a0 67be 929e 7497 ebea 070a 2db0 30e1
1607 Script Info: |_SHA-1: 7523 2fcf 0b64 dcee 6db8 636a 59b5 7219 7b98 c7ae
1608 Script Info: |_ssl-date: 2020-01-17T20:32:24+00:00; -4s from scanner time.
1609 Script Info: Running (JUST GUESSING): Linux 2.6.X|4.X (91%)
1610 Script Info: |_clock-skew: -4s
1611 IP: 52.192.253.4
1612 Type: SPF
1613 Is Active: True (reset ttl 64)
1614 IP: 13.114.245.121
1615 Type: SPF
1616 Is Active: True (reset ttl 64)
1617 Port: 465/tcp open ssl/smtp syn-ack ttl 35 Postfix smtpd
1618 Script Info: |_smtp-commands: Couldn't establish connection on port 465
1619 Script Info: | ssl-cert: Subject: commonName=*.spcloud.jp
1620 Script Info: | Subject Alternative Name: DNS:*.spcloud.jp, DNS:spcloud.jp
1621 Script Info: | Issuer: commonName=FujiSSL Public Validation Authority - G3/organizationName=SECOM Trust Systems CO.,LTD./countryName=JP
1622 Script Info: | Public Key type: rsa
1623 Script Info: | Public Key bits: 2048
1624 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1625 Script Info: | Not valid before: 2019-02-06T05:30:37
1626 Script Info: | Not valid after: 2020-03-06T14:59:59
1627 Script Info: | MD5: 2c1c 04c1 1ab8 8899 5e9d b4e6 6ea0 db09
1628 Script Info: |_SHA-1: 49ab f325 29b2 c5d4 acc4 5b5f 8bb6 4524 5bad ba4a
1629 Script Info: |_ssl-date: 2020-01-17T20:33:27+00:00; -4s from scanner time.
1630 Os Info: Host: mxzka.spcloud.jp
1631 Script Info: |_clock-skew: -4s
1632 IP: 54.249.116.108
1633 Type: SPF
1634 Is Active: True (reset ttl 64)
1635 IP: 54.65.117.71
1636 Type: SPF
1637 Is Active: True (reset ttl 64)
1638 IP: 205.251.198.112
1639 HostName: ns-1648.awsdns-14.co.uk Type: NS
1640 HostName: ns-1648.awsdns-14.co.uk Type: PTR
1641 Country: United States
1642 Is Active: True (echo-reply ttl 245)
1643 Port: 53/tcp open tcpwrapped syn-ack ttl 245
1644 Script Info: Device type: storage-misc|PBX
1645 IP: 40.107.0.0
1646 Type: SPF
1647 Is Active: True (reset ttl 64)
1648 IP: 205.251.194.254
1649 HostName: ns-766.awsdns-31.net Type: NS
1650 HostName: ns-766.awsdns-31.net Type: PTR
1651 Country: United States
1652 Is Active: True (echo-reply ttl 244)
1653 Port: 53/tcp open tcpwrapped syn-ack ttl 245
1654 IP: 40.92.0.0
1655 Type: SPF
1656 Is Active: True (reset ttl 64)
1657 IP: 210.161.158.2
1658 HostName: ns2.vantec-gl.com. Type: A
1659 Country: Japan
1660 Is Active: True (reset ttl 64)
1661 IP: 210.161.158.0
1662 Type: SPF
1663 Is Active: True (reset ttl 64)
1664 IP: 104.47.93.36
1665 HostName: vantecgl-com01e.mail.eo.outlook.com Type: MX
1666 HostName: mail-ty1jpn010036.inbound.protection.outlook.com Type: PTR
1667 Country: Japan
1668 Is Active: True (reset ttl 64)
1669 IP: 104.47.0.0
1670 Type: SPF
1671 Is Active: True (reset ttl 64)
1672 IP: 115.146.61.170
1673 HostName: www2.vantec-gl.com. Type: A
1674 Country: Japan
1675 Is Active: True (reset ttl 64)
1676 Port: 21/tcp open ftp syn-ack ttl 52 ProFTPD or KnFTPD
1677 Port: 80/tcp open ssl/http syn-ack ttl 52 Apache httpd
1678 Script Info: | http-methods:
1679 Script Info: |_ Supported Methods: GET HEAD OPTIONS
1680 Script Info: |_http-server-header: Apache
1681 Script Info: |_http-title: 403 Forbidden
1682 Script Info: | ssl-cert: Subject: commonName=*.secure.ne.jp
1683 Script Info: | Subject Alternative Name: DNS:*.secure.ne.jp, DNS:secure.ne.jp
1684 Script Info: | Issuer: commonName=GeoTrust RSA CA 2018/organizationName=DigiCert Inc/countryName=US
1685 Script Info: | Public Key type: rsa
1686 Script Info: | Public Key bits: 2048
1687 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1688 Script Info: | Not valid before: 2019-06-07T00:00:00
1689 Script Info: | Not valid after: 2021-08-05T12:00:00
1690 Script Info: | MD5: 4ce2 a7d5 634f f281 e2cb cf04 4b68 7c1d
1691 Script Info: |_SHA-1: 681a 2477 37db 2838 04f1 8e2f ec33 26f6 1454 52e8
1692 Script Info: |_ssl-date: TLS randomness does not represent time
1693 Port: 110/tcp open pop3 syn-ack ttl 52 qmail pop3d
1694 Port: 143/tcp open imap syn-ack ttl 52 Courier Imapd (released 2005)
1695 Script Info: |_ssl-date: 2020-01-17T20:36:47+00:00; -4s from scanner time.
1696 Port: 443/tcp open ssl/http syn-ack ttl 51 Apache httpd
1697 Script Info: | http-methods:
1698 Script Info: |_ Supported Methods: GET HEAD OPTIONS
1699 Script Info: |_http-server-header: Apache
1700 Script Info: |_http-title: 403 Forbidden
1701 Script Info: | ssl-cert: Subject: commonName=*.secure.ne.jp
1702 Script Info: | Subject Alternative Name: DNS:*.secure.ne.jp, DNS:secure.ne.jp
1703 Script Info: | Issuer: commonName=GeoTrust RSA CA 2018/organizationName=DigiCert Inc/countryName=US
1704 Script Info: | Public Key type: rsa
1705 Script Info: | Public Key bits: 2048
1706 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1707 Script Info: | Not valid before: 2019-06-07T00:00:00
1708 Script Info: | Not valid after: 2021-08-05T12:00:00
1709 Script Info: | MD5: 4ce2 a7d5 634f f281 e2cb cf04 4b68 7c1d
1710 Script Info: |_SHA-1: 681a 2477 37db 2838 04f1 8e2f ec33 26f6 1454 52e8
1711 Script Info: |_ssl-date: TLS randomness does not represent time
1712 Port: 465/tcp open ssl/smtps? syn-ack ttl 51
1713 Script Info: |_smtp-commands: Couldn't establish connection on port 465
1714 Script Info: |_ssl-date: 2020-01-17T20:36:46+00:00; -4s from scanner time.
1715 Port: 587/tcp open smtp syn-ack ttl 52 Access Remote PC smtpd
1716 Script Info: | smtp-commands: x166.secure.ne.jp, AUTH LOGIN CRAM-MD5 PLAIN, AUTH=LOGIN CRAM-MD5 PLAIN, PIPELINING, 8BITMIME,
1717 Script Info: |_ qmail home page: http://pobox.com/~djb/qmail.html
1718 Port: 993/tcp open ssl/imaps? syn-ack ttl 52
1719 Script Info: |_ssl-date: 2020-01-17T20:36:46+00:00; -4s from scanner time.
1720 Port: 995/tcp open ssl/pop3s? syn-ack ttl 52
1721 Script Info: |_ssl-date: 2020-01-17T20:36:47+00:00; -4s from scanner time.
1722 Port: 8080/tcp open ssl/http syn-ack ttl 51 Apache httpd
1723 Script Info: | http-methods:
1724 Script Info: |_ Supported Methods: GET HEAD OPTIONS
1725 Script Info: |_http-server-header: Apache
1726 Script Info: |_http-title: 403 Forbidden
1727 Script Info: | ssl-cert: Subject: commonName=*.secure.ne.jp
1728 Script Info: | Subject Alternative Name: DNS:*.secure.ne.jp, DNS:secure.ne.jp
1729 Script Info: | Issuer: commonName=GeoTrust RSA CA 2018/organizationName=DigiCert Inc/countryName=US
1730 Script Info: | Public Key type: rsa
1731 Script Info: | Public Key bits: 2048
1732 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1733 Script Info: | Not valid before: 2019-06-07T00:00:00
1734 Script Info: | Not valid after: 2021-08-05T12:00:00
1735 Script Info: | MD5: 4ce2 a7d5 634f f281 e2cb cf04 4b68 7c1d
1736 Script Info: |_SHA-1: 681a 2477 37db 2838 04f1 8e2f ec33 26f6 1454 52e8
1737 Script Info: |_ssl-date: TLS randomness does not represent time
1738 Script Info: Device type: general purpose|WAP|firewall|specialized
1739 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (91%), FreeBSD 10.X|6.X (85%), VMware ESXi 4.X (85%)
1740 Os Info: Host: x166.secure.ne.jp; OSs: Unix, Windows; CPE: cpe:/o:microsoft:windows
1741 Script Info: |_clock-skew: mean: -4s, deviation: 0s, median: -4s
1742 IP: 52.192.182.69
1743 Type: SPF
1744 Is Active: True (reset ttl 64)
1745 IP: 54.249.45.48
1746 Type: SPF
1747 Is Active: True (reset ttl 64)
1748
1749--------------End Summary --------------
1750-----------------------------------------
1751######################################################################################################################################
1752traceroute to www.vantec-gl.com (52.198.68.5), 30 hops max, 60 byte packets
1753 1 10.243.204.1 (10.243.204.1) 34.466 ms 36.010 ms 36.013 ms
1754 2 104.245.145.177 (104.245.145.177) 36.043 ms 36.040 ms 36.029 ms
1755 3 te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 36.025 ms 68.033 ms 68.051 ms
1756 4 te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41) 35.968 ms 35.992 ms 35.988 ms
1757 5 te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161) 35.924 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141) 35.906 ms 35.908 ms
1758 6 ix-ae-16-0.tcore1.tnk-toronto.as6453.net (64.86.33.98) 35.879 ms 89.232 ms 59.392 ms
1759 7 if-ae-2-2.tcore2.tnk-toronto.as6453.net (64.86.33.90) 214.351 ms 214.297 ms 214.322 ms
1760 8 if-ae-8-2.tcore1.ct8-chicago.as6453.net (66.110.48.2) 211.669 ms 211.664 ms 214.268 ms
1761 9 if-ae-52-55.tcore2.sqn-san-jose.as6453.net (63.243.129.21) 211.603 ms 211.608 ms if-ae-29-2.tcore2.sqn-san-jose.as6453.net (64.86.21.104) 248.339 ms
176210 if-ae-1-2.tcore1.sqn-san-jose.as6453.net (63.243.205.1) 214.249 ms 214.244 ms 211.573 ms
176311 if-ae-18-2.tcore2.sv1-santa-clara.as6453.net (63.243.205.73) 214.202 ms 211.521 ms if-ae-18-4.tcore2.sv1-santa-clara.as6453.net (63.243.205.13) 214.171 ms
176412 if-et-5-2.hcore1.kv8-chiba.as6453.net (209.58.86.143) 338.280 ms 258.051 ms 258.040 ms
176513 if-ae-21-2.tcore1.tv2-tokyo.as6453.net (120.29.217.66) 257.979 ms 257.995 ms 223.888 ms
176614 180.87.180.62 (180.87.180.62) 257.970 ms 266.089 ms 266.054 ms
176715 * * *
176816 * * *
176917 54.239.52.105 (54.239.52.105) 254.144 ms 54.239.52.89 (54.239.52.89) 254.126 ms 54.239.52.97 (54.239.52.97) 254.115 ms
177018 52.95.30.36 (52.95.30.36) 254.060 ms 52.95.30.44 (52.95.30.44) 222.678 ms 52.95.30.48 (52.95.30.48) 254.060 ms
177119 * * *
177220 * * *
177321 * * *
177422 52.95.31.27 (52.95.31.27) 240.802 ms 52.95.31.59 (52.95.31.59) 204.774 ms 52.95.31.43 (52.95.31.43) 203.261 ms
177523 52.95.31.189 (52.95.31.189) 228.890 ms 52.95.31.181 (52.95.31.181) 205.752 ms 52.95.31.163 (52.95.31.163) 220.179 ms
177624 52.95.31.198 (52.95.31.198) 211.232 ms 52.95.31.194 (52.95.31.194) 230.635 ms 52.95.31.202 (52.95.31.202) 223.874 ms
177725 52.95.31.130 (52.95.31.130) 243.761 ms 243.733 ms 52.95.31.132 (52.95.31.132) 243.706 ms
177826 52.95.30.220 (52.95.30.220) 243.656 ms 52.95.30.216 (52.95.30.216) 243.657 ms 52.95.30.212 (52.95.30.212) 243.634 ms
177927 * * *
1780#######################################################################################################################################
1781----- vantec-gl.com -----
1782
1783
1784Host's addresses:
1785__________________
1786
1787
1788
1789Name Servers:
1790______________
1791
1792ns-766.awsdns-31.net. 80449 IN A 205.251.194.254
1793ns-109.awsdns-13.com. 86021 IN A 205.251.192.109
1794ns-1360.awsdns-42.org. 62518 IN A 205.251.197.80
1795ns-1648.awsdns-14.co.uk. 1299 IN A 205.251.198.112
1796
1797
1798Mail (MX) Servers:
1799___________________
1800
1801vantecgl-com01e.mail.eo.outlook.com. 10 IN A 104.47.92.36
1802vantecgl-com01e.mail.eo.outlook.com. 10 IN A 104.47.93.36
1803
1804
1805Brute forcing with /usr/share/dnsenum/dns.txt:
1806_______________________________________________
1807
1808ns1.vantec-gl.com. 3082 IN A 113.157.206.2
1809ns2.vantec-gl.com. 3082 IN A 210.161.158.2
1810sp.vantec-gl.com. 3386 IN CNAME vanteccorp.sharepoint.com.
1811vanteccorp.sharepoint.com. 3386 IN CNAME (
1812prodnet10555-10669a0000.sharepointonline.com.akadns.net. 30 IN CNAME (
1813prodnet10555-10669ipv4a0000.sharepointonline.com.akadns.net. 30 IN A (
1814www.vantec-gl.com. 85389 IN A 52.198.68.5
1815www2.vantec-gl.com. 85875 IN A 115.146.61.170
1816
1817
1818Launching Whois Queries:
1819_________________________
1820
1821 whois ip result: 52.198.68.0 -> 52.196.0.0/14
1822 whois ip result: 113.157.206.0 -> 113.157.206.0/26
1823 whois ip result: 115.146.61.0 -> 115.146.48.0/20
1824 whois ip result: 210.161.158.0 -> 210.161.158.0/26
1825
1826
1827vantec-gl.com_____________
1828
1829 115.146.48.0/20
1830 113.157.206.0/26
1831 210.161.158.0/26
1832 52.196.0.0/14
1833#######################################################################################################################################
1834WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1835Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 15:13 EST
1836Nmap scan report for ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
1837Host is up (0.17s latency).
1838Not shown: 491 filtered ports, 3 closed ports
1839Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1840PORT STATE SERVICE
184180/tcp open http
1842443/tcp open https
1843
1844Nmap done: 1 IP address (1 host up) scanned in 10.42 seconds
1845######################################################################################################################################
1846Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 15:13 EST
1847Nmap scan report for ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
1848Host is up (0.090s latency).
1849Not shown: 2 filtered ports
1850PORT STATE SERVICE
185153/udp open|filtered domain
185267/udp open|filtered dhcps
185368/udp open|filtered dhcpc
185469/udp open|filtered tftp
185588/udp open|filtered kerberos-sec
1856123/udp open|filtered ntp
1857139/udp open|filtered netbios-ssn
1858161/udp open|filtered snmp
1859162/udp open|filtered snmptrap
1860389/udp open|filtered ldap
1861500/udp open|filtered isakmp
1862520/udp open|filtered route
18632049/udp open|filtered nfs
1864
1865Nmap done: 1 IP address (1 host up) scanned in 2.66 seconds
1866######################################################################################################################################
1867HTTP/1.1 401 Unauthorized
1868Date: Fri, 17 Jan 2020 20:13:34 GMT
1869Server: Apache
1870WWW-Authenticate: Basic realm="Please enter your ID and password"
1871Content-Type: text/html; charset=iso-8859-1
1872######################################################################################################################################
1873http://52.198.68.5 [401 Unauthorized] Apache, Country[UNITED STATES][US], HTTPServer[Apache], IP[52.198.68.5], Title[401 Unauthorized], WWW-Authenticate[Please enter your ID and password][Basic]
1874######################################################################################################################################
1875
1876wig - WebApp Information Gatherer
1877
1878
1879Scanning http://52.198.68.5...
1880_________________________________________ SITE INFO _________________________________________
1881IP Title
188252.198.68.5 401 Unauthorized
1883
1884__________________________________________ VERSION __________________________________________
1885Name Versions Type
1886Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
1887 2.4.9
1888
1889________________________________________ INTERESTING ________________________________________
1890URL Note Type
1891/readme.html Readme file Interesting
1892/install.php Installation file Interesting
1893/test.php Test file Interesting
1894
1895_____________________________________________________________________________________________
1896Time: 47.1 sec Urls: 809 Fingerprints: 40401
1897######################################################################################################################################
1898Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 15:14 EST
1899NSE: Loaded 162 scripts for scanning.
1900NSE: Script Pre-scanning.
1901Initiating NSE at 15:14
1902Completed NSE at 15:14, 0.00s elapsed
1903Initiating NSE at 15:14
1904Completed NSE at 15:14, 0.00s elapsed
1905Initiating Parallel DNS resolution of 1 host. at 15:14
1906Completed Parallel DNS resolution of 1 host. at 15:14, 0.02s elapsed
1907Initiating SYN Stealth Scan at 15:14
1908Scanning ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5) [1 port]
1909Discovered open port 80/tcp on 52.198.68.5
1910Completed SYN Stealth Scan at 15:14, 0.25s elapsed (1 total ports)
1911Initiating Service scan at 15:14
1912Scanning 1 service on ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
1913Completed Service scan at 15:14, 6.46s elapsed (1 service on 1 host)
1914Initiating OS detection (try #1) against ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
1915Retrying OS detection (try #2) against ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
1916Initiating Traceroute at 15:14
1917Completed Traceroute at 15:14, 3.73s elapsed
1918Initiating Parallel DNS resolution of 21 hosts. at 15:14
1919Completed Parallel DNS resolution of 21 hosts. at 15:14, 0.40s elapsed
1920NSE: Script scanning 52.198.68.5.
1921Initiating NSE at 15:15
1922Completed NSE at 15:16, 91.28s elapsed
1923Initiating NSE at 15:16
1924Completed NSE at 15:16, 1.64s elapsed
1925Nmap scan report for ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
1926Host is up (0.22s latency).
1927
1928PORT STATE SERVICE VERSION
192980/tcp open http Apache httpd
1930| http-auth:
1931| HTTP/1.1 401 Unauthorized\x0D
1932|_ Basic realm=Please enter your ID and password
1933| http-auth-finder:
1934| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com
1935| url method
1936|_ http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:80/ HTTP: Basic
1937|_http-chrono: Request times for /; avg: 587.91ms; min: 521.20ms; max: 617.59ms
1938|_http-csrf: Couldn't find any CSRF vulnerabilities.
1939|_http-date: Fri, 17 Jan 2020 20:15:16 GMT; -4s from local time.
1940|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1941|_http-dombased-xss: Couldn't find any DOM based XSS.
1942|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1943| http-errors:
1944| Spidering limited to: maxpagecount=40; withinhost=ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com
1945| Found the following error pages:
1946|
1947| Error Code: 401
1948|_ http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:80/
1949|_http-feed: Couldn't find any feeds.
1950|_http-fetch: Please enter the complete path of the directory to save data in.
1951| http-headers:
1952| Date: Fri, 17 Jan 2020 20:15:41 GMT
1953| Server: Apache
1954| WWW-Authenticate: Basic realm="Please enter your ID and password"
1955| Content-Length: 381
1956| Connection: close
1957| Content-Type: text/html; charset=iso-8859-1
1958|
1959|_ (Request type: GET)
1960|_http-iis-webdav-vuln: Could not determine vulnerability, since root folder is password protected
1961|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1962|_http-mobileversion-checker: No mobile version detected.
1963|_http-security-headers:
1964|_http-server-header: Apache
1965| http-sitemap-generator:
1966| Directory structure:
1967| Longest directory structure:
1968| Depth: 0
1969| Dir: /
1970| Total files found (by extension):
1971|_
1972|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1973|_http-title: 401 Unauthorized
1974| http-vhosts:
1975|_127 names had status 401
1976|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1977|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1978|_http-xssed: No previously reported XSS vuln.
1979| vulscan: VulDB - https://vuldb.com:
2029| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
2030| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
2031| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
2032| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
2033| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
2034| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
2035| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
2036| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
2037| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
2391| [108929] Apple macOS up to 10.13.1 apache denial of service
2392| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
2393| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
2394| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
2395| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
2396| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
2397| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
2398| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
2399| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
2400| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
2401| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
2402| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
2403| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
2404| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
2405| [108782] Apache Xerces2 XML Service denial of service
2406| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
2407| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
2408| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
2409| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
2410| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
2411| [108629] Apache OFBiz up to 10.04.01 privilege escalation
2412| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
2413| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
2414| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
2415| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
2416| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
2417| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
2418| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
2419| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
2420| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
2421| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
2422| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
2423| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
2424| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
2425| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
2426| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
2427| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
2428| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
2429| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
2430| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
2431| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
2432| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
2433| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
2434| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
2435| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
2436| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
2437| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
2438| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
2439| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
2440| [107639] Apache NiFi 1.4.0 XML External Entity
2441| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
2442| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
2443| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
2444| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
2445| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
2446| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
2447| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
2448| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
2449| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
2450| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
2451| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
2452| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
2453| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
2454| [107197] Apache Xerces Jelly Parser XML File XML External Entity
2455| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
2456| [107084] Apache Struts up to 2.3.19 cross site scripting
2457| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
2458| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
2459| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
2460| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
2461| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
2462| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
2463| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
2464| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
2465| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
2466| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
2467| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
2468| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
2469| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
2470| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
2471| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
2472| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
2473| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
2474| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
2475| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
2476| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
2477| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
2478| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
2479| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
2480| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
2481| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
2482| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
2483| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
2484| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
2485| [105878] Apache Struts up to 2.3.24.0 privilege escalation
2486| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
2487| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
2488| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
2489| [105643] Apache Pony Mail up to 0.8b weak authentication
2490| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
2491| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
2492| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
2493| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
2494| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
2495| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
2496| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
2497| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
2498| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
2499| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
2500| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
2501| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
2502| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
2503| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
2504| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
2505| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
2506| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
2507| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
2508| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
2509| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
2510| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
2511| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
2512| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
2513| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
2514| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
2515| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
2516| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
2517| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
2518| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
2519| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
2520| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
2521| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
2522| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
2523| [103690] Apache OpenMeetings 1.0.0 sql injection
2524| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
2525| [103688] Apache OpenMeetings 1.0.0 weak encryption
2526| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
2527| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
2528| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
2529| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
2530| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
2531| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
2532| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
2533| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
2534| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
2535| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
2536| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
2537| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
2538| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
2539| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
2540| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
2541| [103352] Apache Solr Node weak authentication
2542| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
2543| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
2544| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
2545| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
2546| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
2547| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
2548| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
2549| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
2550| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
2551| [102536] Apache Ranger up to 0.6 Stored cross site scripting
2552| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
2553| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
2554| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
2555| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
2556| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
2557| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
2558| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
2559| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
2560| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
2561| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
2562| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
2563| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
2564| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
2565| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
2566| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
2567| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
2568| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
2569| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
2570| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
2571| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
2572| [99937] Apache Batik up to 1.8 privilege escalation
2573| [99936] Apache FOP up to 2.1 privilege escalation
2574| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
2575| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
2576| [99930] Apache Traffic Server up to 6.2.0 denial of service
2577| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
2578| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
2579| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
2580| [117569] Apache Hadoop up to 2.7.3 privilege escalation
2581| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
2582| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
2583| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
2584| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
2585| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
2586| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
2587| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
2588| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
2589| [99014] Apache Camel Jackson/JacksonXML privilege escalation
2590| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2591| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
2592| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2593| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
2594| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
2595| [98605] Apple macOS up to 10.12.3 Apache denial of service
2596| [98604] Apple macOS up to 10.12.3 Apache denial of service
2597| [98603] Apple macOS up to 10.12.3 Apache denial of service
2598| [98602] Apple macOS up to 10.12.3 Apache denial of service
2599| [98601] Apple macOS up to 10.12.3 Apache denial of service
2600| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
2601| [98405] Apache Hadoop up to 0.23.10 privilege escalation
2602| [98199] Apache Camel Validation XML External Entity
2603| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
2604| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
2605| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
2606| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
2607| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
2608| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
2609| [97081] Apache Tomcat HTTPS Request denial of service
2610| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
2611| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
2612| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
2613| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
2614| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
2615| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
2616| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
2617| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
2618| [95311] Apache Storm UI Daemon privilege escalation
2619| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
2620| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
2621| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
2622| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
2623| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
2624| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
2625| [94540] Apache Tika 1.9 tika-server File information disclosure
2626| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
2627| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
2628| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
2629| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
2630| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
2631| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
2632| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2633| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2634| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
2635| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
2636| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
2637| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
2638| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
2639| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
2640| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2641| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2642| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
2643| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
2644| [93532] Apache Commons Collections Library Java privilege escalation
2645| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
2646| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
2647| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
2648| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
2649| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
2650| [93098] Apache Commons FileUpload privilege escalation
2651| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
2652| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
2653| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
2654| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
2655| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
2656| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
2657| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
2658| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
2659| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
2660| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
2661| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
2662| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
2663| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
2664| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
2665| [92549] Apache Tomcat on Red Hat privilege escalation
2666| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
2667| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
2668| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
2669| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
2670| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
2671| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
2672| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
2673| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
2674| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
2675| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
2676| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
2677| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
2678| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
2679| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
2680| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
2681| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
2682| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
2683| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
2684| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
2685| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
2686| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
2687| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
2688| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
2689| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
2690| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
2691| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
2692| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
2693| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
2694| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
2695| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
2696| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
2697| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
2698| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
2699| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
2700| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
2701| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
2702| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
2703| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
2704| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
2705| [90263] Apache Archiva Header denial of service
2706| [90262] Apache Archiva Deserialize privilege escalation
2707| [90261] Apache Archiva XML DTD Connection privilege escalation
2708| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
2709| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
2710| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
2711| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
2712| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2713| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2714| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3156| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
3157| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
3158| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
3159| [56512] Apache Continuum up to 1.4.0 cross site scripting
3160| [4285] Apache Tomcat 5.x JVM getLocale denial of service
3161| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
3162| [4283] Apache Tomcat 5.x ServletContect privilege escalation
3163| [56441] Apache Tomcat up to 7.0.6 denial of service
3164| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
3165| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
3166| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
3167| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
3168| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
3169| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
3170| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
3171| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
3172| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
3173| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
3174| [54693] Apache Traffic Server DNS Cache unknown vulnerability
3175| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
3176| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
3177| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
3178| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
3179| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
3180| [54012] Apache Tomcat up to 6.0.10 denial of service
3181| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
3182| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
3183| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
3184| [52894] Apache Tomcat up to 6.0.7 information disclosure
3185| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
3186| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
3187| [52786] Apache Open For Business Project up to 09.04 cross site scripting
3188| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
3189| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
3190| [52584] Apache CouchDB up to 0.10.1 information disclosure
3191| [51757] Apache HTTP Server 2.0.44 cross site scripting
3192| [51756] Apache HTTP Server 2.0.44 spoofing
3193| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
3194| [51690] Apache Tomcat up to 6.0 directory traversal
3195| [51689] Apache Tomcat up to 6.0 information disclosure
3196| [51688] Apache Tomcat up to 6.0 directory traversal
3197| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
3198| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
3199| [50626] Apache Solr 1.0.0 cross site scripting
3200| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
3201| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
3202| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
3203| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
3204| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
3205| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
3206| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
3207| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
3208| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
3209| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
3210| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
3211| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
3212| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
3213| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
3214| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
3215| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
3216| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
3217| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
3218| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
3219| [47214] Apachefriends xampp 1.6.8 spoofing
3220| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
3221| [47162] Apachefriends XAMPP 1.4.4 weak authentication
3222| [47065] Apache Tomcat 4.1.23 cross site scripting
3223| [46834] Apache Tomcat up to 5.5.20 cross site scripting
3224| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
3225| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
3226| [86625] Apache Struts directory traversal
3227| [44461] Apache Tomcat up to 5.5.0 information disclosure
3228| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
3229| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
3230| [43663] Apache Tomcat up to 6.0.16 directory traversal
3231| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
3232| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
3233| [43516] Apache Tomcat up to 4.1.20 directory traversal
3234| [43509] Apache Tomcat up to 6.0.13 cross site scripting
3235| [42637] Apache Tomcat up to 6.0.16 cross site scripting
3236| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
3237| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
3238| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
3239| [40924] Apache Tomcat up to 6.0.15 information disclosure
3240| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
3241| [40922] Apache Tomcat up to 6.0 information disclosure
3242| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
3243| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
3244| [40656] Apache Tomcat 5.5.20 information disclosure
3245| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
3246| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
3247| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
3248| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
3249| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
3250| [40234] Apache Tomcat up to 6.0.15 directory traversal
3251| [40221] Apache HTTP Server 2.2.6 information disclosure
3252| [40027] David Castro Apache Authcas 0.4 sql injection
3253| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
3254| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
3255| [3414] Apache Tomcat WebDAV Stored privilege escalation
3256| [39489] Apache Jakarta Slide up to 2.1 directory traversal
3257| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
3258| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
3259| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
3260| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
3261| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
3262| [38524] Apache Geronimo 2.0 unknown vulnerability
3263| [3256] Apache Tomcat up to 6.0.13 cross site scripting
3264| [38331] Apache Tomcat 4.1.24 information disclosure
3265| [38330] Apache Tomcat 4.1.24 information disclosure
3266| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
3267| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
3268| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
3269| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
3270| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
3271| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
3272| [37292] Apache Tomcat up to 5.5.1 cross site scripting
3273| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
3274| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
3275| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
3276| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
3277| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
3278| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
3279| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
3280| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
3281| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
3282| [36225] XAMPP Apache Distribution 1.6.0a sql injection
3283| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
3284| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
3285| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
3286| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
3287| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
3288| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
3289| [34252] Apache HTTP Server denial of service
3290| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
3291| [33877] Apache Opentaps 0.9.3 cross site scripting
3292| [33876] Apache Open For Business Project unknown vulnerability
3293| [33875] Apache Open For Business Project cross site scripting
3294| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
3295| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
3296|
3297| MITRE CVE - https://cve.mitre.org:
3298| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
3299| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
3300| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
3301| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
3302| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
3303| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
3304| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
3305| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
3306| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
3307| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
3308| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
3309| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
3310| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
3311| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
3312| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
3313| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
3314| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
3315| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
3316| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
3317| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
3318| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
3319| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
3320| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
3321| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
3322| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
3323| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
3324| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
3325| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
3326| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
3327| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
3328| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3329| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
3330| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
3331| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
3332| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
3333| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
3334| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
3335| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
3336| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
3337| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
3338| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
3339| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3340| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3341| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3342| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3343| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
3344| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
3345| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
3346| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
3347| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
3348| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
3349| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
3350| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
3351| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
3352| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
3353| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
3354| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
3455| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
3561| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
3562| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
3563| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
3564| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
3565| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
3566| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
3567| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
3568| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
3569| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
3570| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
3571| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
3572| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
3573| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
3574| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
3575| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
3576| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
3577| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
3578| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
3579| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
3580| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
3581| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
3582| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
3583| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
3584| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
3585| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
3586| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
3587| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
3588| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
3589| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
3590| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
3591| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3592| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3593| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
3594| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
3595| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
3596| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
3597| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
3598| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
3599| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
3600| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
3601| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
3602| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
3603| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3604| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3605| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
3606| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
3607| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
3608| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3609| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
3610| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
3611| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
3612| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
3613| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
3614| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
3615| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
3616| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
3617| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3618| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
3619| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
3620| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
3621| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
3622| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3623| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3624| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3625| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3626| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3627| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3628| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3629| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3630| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3631| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3632| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3633| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3634| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3635| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3636| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3637| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3638| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3639| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3640| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3641| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3753| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3754| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3755| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3756| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3757| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3758| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3759| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3760| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3761| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3762| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3763| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3764| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3765| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3766| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3767| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3768| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3769| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3770| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3771| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3772| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3773| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3774| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3775| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3776| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3777| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3778| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3779| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3780| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3781| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3782| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3783| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3784| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3785| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3786| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3787| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3788| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3789| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3790| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3791| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
3792| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3793| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3794| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3795| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3796| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
3797| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
3798| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
3799| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
3800| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
3801| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
3802| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
3803| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
3804| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
3805| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
3806| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
3807| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
3808| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
3809| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
3810| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
3811| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
3812| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
3813| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
3814| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
3815| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
3816| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
3817| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
3818| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
3819| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
3820| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
3821| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
3822| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
3823| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
3824| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
3825| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
3826| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
3827| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3828| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
3829| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
3830| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
3831| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
3832| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3833| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3834| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3835| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3836| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3837| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3838| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3839| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3840| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3841| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3842| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3843| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3844| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3845| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3846| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3847| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3848| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3849| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3850| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3851| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3852| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3853| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3854| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3855| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3856| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3857| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3858| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3859| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3860| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3861| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3862| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3863| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3864| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3865| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3866| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3867| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3868| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3869| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3870| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3871| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3872| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3873| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3874| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3875| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3876| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3877| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3878| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3879| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3880| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3881| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3882| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
3883| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3884| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3885| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3886| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3887| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3888| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
3889| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3890| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3891| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3892| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3893| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3894| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3895| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3896| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3897| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3898| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3899| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3900| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3901| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3902| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3903| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3904| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3905| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3906| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3907|
3908| SecurityFocus - https://www.securityfocus.com/bid/:
3909| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3910| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3911| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3912| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3913| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3914| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3915| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3916| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3917| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3918| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3919| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3920| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3921| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3922| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3923| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3924| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3925| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3926| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3927| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3928| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3929| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3930| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3931| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3932| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3933| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3934| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3935| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3936| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3937| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3938| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3939| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3940| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3941| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3942| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3943| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
3944| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
3945| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
3946| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
3947| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
3948| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
3949| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
3950| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
3951| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
3952| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
3953| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
3954| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
3955| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
3956| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
3957| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
3958| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
3959| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
3960| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
3961| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
3962| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
3963| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
3964| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
3965| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
3966| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
3967| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
3968| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
3969| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
3970| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
3971| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
3972| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
3973| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
3974| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
3975| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
3976| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
3977| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
3978| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
3979| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
3980| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
3981| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
3982| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
3983| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
3984| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
3985| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
3986| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
3987| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
3988| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
3989| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
3990| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
3991| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
3992| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
3993| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
3994| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
3995| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
3996| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
3997| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
3998| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
3999| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
4000| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
4001| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
4002| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
4003| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
4004| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
4005| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
4006| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
4007| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
4008| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
4009| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
4010| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
4011| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
4012| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
4013| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
4014| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
4015| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
4016| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
4017| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
4018| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
4019| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
4020| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
4021| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
4022| [100447] Apache2Triad Multiple Security Vulnerabilities
4023| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
4024| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
4025| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
4026| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
4027| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
4028| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
4029| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
4030| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
4031| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
4032| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
4033| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
4034| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
4035| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
4036| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
4037| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
4038| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
4039| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
4040| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
4041| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
4042| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
4043| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
4044| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
4045| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
4046| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
4047| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
4048| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
4049| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
4050| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
4051| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
4052| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
4053| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
4054| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
4055| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
4056| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
4057| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
4058| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
4059| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
4060| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
4061| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
4062| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
4063| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
4064| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
4065| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
4066| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
4067| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
4068| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
4069| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
4070| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
4071| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
4072| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
4073| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
4074| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
4075| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
4076| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
4077| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
4078| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
4079| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
4080| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
4081| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
4082| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
4083| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
4084| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
4085| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
4086| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
4087| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
4088| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
4089| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
4090| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
4091| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
4092| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
4093| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
4094| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
4095| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
4096| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
4097| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
4098| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
4099| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
4100| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
4101| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
4102| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
4103| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
4104| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
4105| [95675] Apache Struts Remote Code Execution Vulnerability
4106| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
4107| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
4108| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
4109| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
4110| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
4111| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
4112| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
4113| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
4114| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
4115| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
4116| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
4117| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
4118| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
4119| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
4120| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
4121| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
4122| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
4123| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
4124| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
4125| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
4126| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
4127| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
4128| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
4129| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
4130| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
4131| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
4132| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
4133| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
4134| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
4135| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
4136| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
4137| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
4138| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
4139| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
4140| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
4141| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
4142| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
4143| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
4144| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
4145| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
4146| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
4147| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
4148| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
4149| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
4150| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
4151| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
4583| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
4584| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
4585| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
4586| [46166] Apache Tomcat JVM Denial of Service Vulnerability
4587| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
4588| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
4589| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
4590| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
4591| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
4592| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
4593| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
4594| [44616] Apache Shiro Directory Traversal Vulnerability
4595| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
4596| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
4597| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
4598| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
4599| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
4600| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
4601| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
4602| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
4603| [42492] Apache CXF XML DTD Processing Security Vulnerability
4604| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
4605| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
4606| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
4607| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
4608| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
4609| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
4610| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
4611| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
4612| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
4613| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
4614| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
4615| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
4616| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
4617| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4618| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
4619| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
4620| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
4621| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
4622| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
4623| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
4624| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
4625| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
4626| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
4627| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
4628| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
4629| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
4630| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
4631| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
4632| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
4633| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
4634| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
4635| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
4636| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
4637| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
4638| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
4639| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4640| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
4641| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
4642| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
4643| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
4644| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
4645| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
4646| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
4647| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
4648| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
4649| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
4650| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
4651| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
4652| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
4653| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
4654| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
4655| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
4656| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
4657| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
4658| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
4659| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
4660| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
4661| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
4662| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
4663| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
4664| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4665| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
4666| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
4667| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
4668| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
4669| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
4670| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
4671| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
4672| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
4673| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
4674| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
4675| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
4676| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
4677| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
4678| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
4679| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
4680| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
4681| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
4682| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4683| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
4684| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
4685| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
4686| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
4687| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
4688| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
4689| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
4690| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
4691| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
4692| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
4693| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
4694| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
4695| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
4696| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
4697| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
4698| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
4699| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
4700| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
4701| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
4702| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
4703| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
4704| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
4705| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
4706| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4707| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
4708| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
4709| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
4710| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
4711| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
4712| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
4713| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
4714| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
4715| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
4716| [20527] Apache Mod_TCL Remote Format String Vulnerability
4717| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
4718| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
4719| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
4720| [19106] Apache Tomcat Information Disclosure Vulnerability
4721| [18138] Apache James SMTP Denial Of Service Vulnerability
4722| [17342] Apache Struts Multiple Remote Vulnerabilities
4723| [17095] Apache Log4Net Denial Of Service Vulnerability
4724| [16916] Apache mod_python FileSession Code Execution Vulnerability
4725| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
4726| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
4727| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
4728| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
4729| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
4730| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
4731| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
4732| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
4733| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4734| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
4735| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
4736| [15177] PHP Apache 2 Local Denial of Service Vulnerability
4737| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
4738| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
4739| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
4740| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
4741| [14106] Apache HTTP Request Smuggling Vulnerability
4742| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
4743| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
4744| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
4745| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
4746| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
4747| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
4748| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
4749| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
4750| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
4751| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
4752| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
4753| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
4754| [11471] Apache mod_include Local Buffer Overflow Vulnerability
4755| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
4756| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
4757| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
4758| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
4759| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4760| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
4761| [11094] Apache mod_ssl Denial Of Service Vulnerability
4762| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
4763| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
4764| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
4765| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
4766| [10478] ClueCentral Apache Suexec Patch Security Weakness
4767| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
4768| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
4769| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
4770| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
4771| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4772| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4773| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4774| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4775| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4776| [9733] Apache Cygwin Directory Traversal Vulnerability
4777| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4778| [9590] Apache-SSL Client Certificate Forging Vulnerability
4779| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4780| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4781| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4782| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4783| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4784| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4785| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4786| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4787| [8898] Red Hat Apache Directory Index Default Configuration Error
4788| [8883] Apache Cocoon Directory Traversal Vulnerability
4789| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4790| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4791| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4792| [8707] Apache htpasswd Password Entropy Weakness
4793| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4794| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4795| [8226] Apache HTTP Server Multiple Vulnerabilities
4796| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4797| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4798| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4799| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4800| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4801| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4802| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4803| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4804| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4805| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4806| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4807| [7255] Apache Web Server File Descriptor Leakage Vulnerability
4808| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4809| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
4810| [6939] Apache Web Server ETag Header Information Disclosure Weakness
4811| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
4812| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
4813| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
4814| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
4815| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
4816| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
4817| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
4818| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
4819| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
4820| [6117] Apache mod_php File Descriptor Leakage Vulnerability
4821| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
4822| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
4823| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
4824| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
4825| [5992] Apache HTDigest Insecure Temporary File Vulnerability
4826| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
4827| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
4828| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
4829| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
4830| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
4831| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4832| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
4833| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
4834| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
4835| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
4836| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
4837| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
4838| [5485] Apache 2.0 Path Disclosure Vulnerability
4839| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
4840| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
4841| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
4842| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
4843| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
4844| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
4845| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
4846| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
4847| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
4848| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
4849| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
4850| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
4851| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
4852| [4437] Apache Error Message Cross-Site Scripting Vulnerability
4853| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
4854| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
4855| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
4856| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
4857| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
4858| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
4859| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
4860| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
4861| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
4862| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
4863| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
4864| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
4865| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
4866| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
4867| [3596] Apache Split-Logfile File Append Vulnerability
4868| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
4869| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
4870| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
4871| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
4872| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
4873| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
4874| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
4875| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
4876| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
4877| [3169] Apache Server Address Disclosure Vulnerability
4878| [3009] Apache Possible Directory Index Disclosure Vulnerability
4879| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
4880| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
4881| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
4882| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
4883| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
4884| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
4885| [2216] Apache Web Server DoS Vulnerability
4886| [2182] Apache /tmp File Race Vulnerability
4887| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
4888| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
4889| [1821] Apache mod_cookies Buffer Overflow Vulnerability
4890| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
4891| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
4892| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
4893| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
4894| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
4895| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
4896| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
4897| [1457] Apache::ASP source.asp Example Script Vulnerability
4898| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
4899| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
4900|
4901| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4902| [86258] Apache CloudStack text fields cross-site scripting
4903| [85983] Apache Subversion mod_dav_svn module denial of service
4904| [85875] Apache OFBiz UEL code execution
4905| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
4906| [85871] Apache HTTP Server mod_session_dbd unspecified
4907| [85756] Apache Struts OGNL expression command execution
4908| [85755] Apache Struts DefaultActionMapper class open redirect
4909| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
4910| [85574] Apache HTTP Server mod_dav denial of service
4911| [85573] Apache Struts Showcase App OGNL code execution
4912| [85496] Apache CXF denial of service
4913| [85423] Apache Geronimo RMI classloader code execution
4914| [85326] Apache Santuario XML Security for C++ buffer overflow
4915| [85323] Apache Santuario XML Security for Java spoofing
4916| [85319] Apache Qpid Python client SSL spoofing
4917| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
4918| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
4919| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
4920| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
4921| [84952] Apache Tomcat CVE-2012-3544 denial of service
4922| [84763] Apache Struts CVE-2013-2135 security bypass
4923| [84762] Apache Struts CVE-2013-2134 security bypass
4924| [84719] Apache Subversion CVE-2013-2088 command execution
4925| [84718] Apache Subversion CVE-2013-2112 denial of service
4926| [84717] Apache Subversion CVE-2013-1968 denial of service
4927| [84577] Apache Tomcat security bypass
4928| [84576] Apache Tomcat symlink
4929| [84543] Apache Struts CVE-2013-2115 security bypass
4930| [84542] Apache Struts CVE-2013-1966 security bypass
4931| [84154] Apache Tomcat session hijacking
4932| [84144] Apache Tomcat denial of service
4933| [84143] Apache Tomcat information disclosure
4934| [84111] Apache HTTP Server command execution
4935| [84043] Apache Virtual Computing Lab cross-site scripting
4936| [84042] Apache Virtual Computing Lab cross-site scripting
4937| [83782] Apache CloudStack information disclosure
4938| [83781] Apache CloudStack security bypass
4939| [83720] Apache ActiveMQ cross-site scripting
4940| [83719] Apache ActiveMQ denial of service
4941| [83718] Apache ActiveMQ denial of service
4942| [83263] Apache Subversion denial of service
4943| [83262] Apache Subversion denial of service
4944| [83261] Apache Subversion denial of service
4945| [83259] Apache Subversion denial of service
4946| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5494| [697] Apache HTTP server beck exploit
5495| [331] Apache cookies buffer overflow
5496|
5497| Exploit-DB - https://www.exploit-db.com:
5498| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
5499| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5500| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5501| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
5502| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
5503| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
5504| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
5505| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
5506| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
5507| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5508| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
5509| [29859] Apache Roller OGNL Injection
5510| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
5511| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
5512| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
5513| [29290] Apache / PHP 5.x Remote Code Execution Exploit
5514| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
5515| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
5516| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
5517| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
5518| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
5519| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
5520| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
5521| [27096] Apache Geronimo 1.0 Error Page XSS
5522| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
5523| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
5524| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
5525| [25986] Plesk Apache Zeroday Remote Exploit
5526| [25980] Apache Struts includeParams Remote Code Execution
5527| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
5528| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
5529| [24874] Apache Struts ParametersInterceptor Remote Code Execution
5530| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
5531| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
5532| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
5533| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
5534| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
5535| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
5536| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
5537| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
5538| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
5539| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
5540| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
5541| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
5542| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
5543| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
5544| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
5545| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
5546| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5547| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
5548| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
5549| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5550| [21719] Apache 2.0 Path Disclosure Vulnerability
5551| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5552| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
5553| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
5554| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
5555| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
5556| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
5557| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
5558| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
5559| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
5560| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
5561| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
5562| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
5563| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
5564| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
5565| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
5566| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
5567| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
5568| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
5569| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
5570| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
5571| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
5572| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
5573| [20558] Apache 1.2 Web Server DoS Vulnerability
5574| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
5575| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
5576| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
5577| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
5578| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
5579| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
5580| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
5581| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
5582| [19231] PHP apache_request_headers Function Buffer Overflow
5583| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
5584| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
5585| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
5586| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
5587| [18442] Apache httpOnly Cookie Disclosure
5588| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
5589| [18221] Apache HTTP Server Denial of Service
5590| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
5591| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
5592| [17691] Apache Struts < 2.2.0 - Remote Command Execution
5593| [16798] Apache mod_jk 1.2.20 Buffer Overflow
5594| [16782] Apache Win32 Chunked Encoding
5595| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
5596| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
5597| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
5598| [15319] Apache 2.2 (Windows) Local Denial of Service
5599| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
5600| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5601| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
5602| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
5603| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
5604| [12330] Apache OFBiz - Multiple XSS
5605| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
5606| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
5607| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
5608| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
5609| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
5610| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
5611| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
5612| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5613| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5614| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
5615| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
5616| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
5617| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5618| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
5619| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
5620| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
5621| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
5622| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
5623| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
5624| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
5625| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
5626| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
5627| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
5628| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
5629| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
5630| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
5631| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
5632| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
5633| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
5634| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
5635| [466] htpasswd Apache 1.3.31 - Local Exploit
5636| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
5637| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
5638| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
5639| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
5640| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
5641| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
5642| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
5643| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
5644| [9] Apache HTTP Server 2.x Memory Leak Exploit
5645|
5646| OpenVAS (Nessus) - http://www.openvas.org:
5647| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
5648| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
5649| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5650| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
5651| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
5652| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5653| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5654| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
5655| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
5656| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
5657| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
5658| [900571] Apache APR-Utils Version Detection
5659| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
5660| [900496] Apache Tiles Multiple XSS Vulnerability
5661| [900493] Apache Tiles Version Detection
5662| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
5663| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
5664| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
5665| [870175] RedHat Update for apache RHSA-2008:0004-01
5666| [864591] Fedora Update for apache-poi FEDORA-2012-10835
5667| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
5668| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
5669| [864250] Fedora Update for apache-poi FEDORA-2012-7683
5670| [864249] Fedora Update for apache-poi FEDORA-2012-7686
5671| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
5672| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
5673| [855821] Solaris Update for Apache 1.3 122912-19
5674| [855812] Solaris Update for Apache 1.3 122911-19
5675| [855737] Solaris Update for Apache 1.3 122911-17
5676| [855731] Solaris Update for Apache 1.3 122912-17
5677| [855695] Solaris Update for Apache 1.3 122911-16
5678| [855645] Solaris Update for Apache 1.3 122912-16
5679| [855587] Solaris Update for kernel update and Apache 108529-29
5680| [855566] Solaris Update for Apache 116973-07
5681| [855531] Solaris Update for Apache 116974-07
5682| [855524] Solaris Update for Apache 2 120544-14
5683| [855494] Solaris Update for Apache 1.3 122911-15
5684| [855478] Solaris Update for Apache Security 114145-11
5685| [855472] Solaris Update for Apache Security 113146-12
5686| [855179] Solaris Update for Apache 1.3 122912-15
5687| [855147] Solaris Update for kernel update and Apache 108528-29
5688| [855077] Solaris Update for Apache 2 120543-14
5689| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
5690| [850088] SuSE Update for apache2 SUSE-SA:2007:061
5691| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
5692| [841209] Ubuntu Update for apache2 USN-1627-1
5693| [840900] Ubuntu Update for apache2 USN-1368-1
5694| [840798] Ubuntu Update for apache2 USN-1259-1
5695| [840734] Ubuntu Update for apache2 USN-1199-1
5696| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
5697| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
5698| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
5699| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
5700| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
5701| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
5702| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
5703| [835253] HP-UX Update for Apache Web Server HPSBUX02645
5704| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
5705| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
5706| [835236] HP-UX Update for Apache with PHP HPSBUX02543
5707| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
5708| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
5709| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
5710| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
5711| [835188] HP-UX Update for Apache HPSBUX02308
5712| [835181] HP-UX Update for Apache With PHP HPSBUX02332
5713| [835180] HP-UX Update for Apache with PHP HPSBUX02342
5714| [835172] HP-UX Update for Apache HPSBUX02365
5715| [835168] HP-UX Update for Apache HPSBUX02313
5716| [835148] HP-UX Update for Apache HPSBUX01064
5717| [835139] HP-UX Update for Apache with PHP HPSBUX01090
5718| [835131] HP-UX Update for Apache HPSBUX00256
5719| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
5720| [835104] HP-UX Update for Apache HPSBUX00224
5721| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
5722| [835101] HP-UX Update for Apache HPSBUX01232
5723| [835080] HP-UX Update for Apache HPSBUX02273
5724| [835078] HP-UX Update for ApacheStrong HPSBUX00255
5725| [835044] HP-UX Update for Apache HPSBUX01019
5726| [835040] HP-UX Update for Apache PHP HPSBUX00207
5727| [835025] HP-UX Update for Apache HPSBUX00197
5728| [835023] HP-UX Update for Apache HPSBUX01022
5729| [835022] HP-UX Update for Apache HPSBUX02292
5730| [835005] HP-UX Update for Apache HPSBUX02262
5731| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
5732| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
5733| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
5734| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
5735| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
5736| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
5737| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
5738| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
5739| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
5740| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
5741| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
5742| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
5743| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
5744| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
5745| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
5746| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
5747| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
5748| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
5749| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
5750| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
5751| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
5752| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
5753| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
5754| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
5755| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
5756| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
5757| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
5758| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
5759| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
5760| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
5761| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
5762| [801942] Apache Archiva Multiple Vulnerabilities
5763| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
5764| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
5765| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
5766| [801284] Apache Derby Information Disclosure Vulnerability
5767| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
5768| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
5769| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
5770| [800680] Apache APR Version Detection
5771| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
5772| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
5773| [800677] Apache Roller Version Detection
5774| [800279] Apache mod_jk Module Version Detection
5775| [800278] Apache Struts Cross Site Scripting Vulnerability
5776| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
5777| [800276] Apache Struts Version Detection
5778| [800271] Apache Struts Directory Traversal Vulnerability
5779| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
5780| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5781| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5782| [103122] Apache Web Server ETag Header Information Disclosure Weakness
5783| [103074] Apache Continuum Cross Site Scripting Vulnerability
5784| [103073] Apache Continuum Detection
5785| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5786| [101023] Apache Open For Business Weak Password security check
5787| [101020] Apache Open For Business HTML injection vulnerability
5788| [101019] Apache Open For Business service detection
5789| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
5790| [100923] Apache Archiva Detection
5791| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5792| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5793| [100813] Apache Axis2 Detection
5794| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5795| [100795] Apache Derby Detection
5796| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
5797| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5798| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5799| [100514] Apache Multiple Security Vulnerabilities
5800| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5801| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5802| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5803| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5804| [72626] Debian Security Advisory DSA 2579-1 (apache2)
5805| [72612] FreeBSD Ports: apache22
5806| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
5807| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
5808| [71512] FreeBSD Ports: apache
5809| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
5810| [71256] Debian Security Advisory DSA 2452-1 (apache2)
5811| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
5812| [70737] FreeBSD Ports: apache
5813| [70724] Debian Security Advisory DSA 2405-1 (apache2)
5814| [70600] FreeBSD Ports: apache
5815| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
5816| [70235] Debian Security Advisory DSA 2298-2 (apache2)
5817| [70233] Debian Security Advisory DSA 2298-1 (apache2)
5818| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
5819| [69338] Debian Security Advisory DSA 2202-1 (apache2)
5820| [67868] FreeBSD Ports: apache
5821| [66816] FreeBSD Ports: apache
5822| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
5823| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
5824| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
5825| [66081] SLES11: Security update for Apache 2
5826| [66074] SLES10: Security update for Apache 2
5827| [66070] SLES9: Security update for Apache 2
5828| [65998] SLES10: Security update for apache2-mod_python
5829| [65893] SLES10: Security update for Apache 2
5830| [65888] SLES10: Security update for Apache 2
5831| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
5832| [65510] SLES9: Security update for Apache 2
5833| [65472] SLES9: Security update for Apache
5834| [65467] SLES9: Security update for Apache
5835| [65450] SLES9: Security update for apache2
5836| [65390] SLES9: Security update for Apache2
5837| [65363] SLES9: Security update for Apache2
5838| [65309] SLES9: Security update for Apache and mod_ssl
5839| [65296] SLES9: Security update for webdav apache module
5840| [65283] SLES9: Security update for Apache2
5841| [65249] SLES9: Security update for Apache 2
5842| [65230] SLES9: Security update for Apache 2
5843| [65228] SLES9: Security update for Apache 2
5844| [65212] SLES9: Security update for apache2-mod_python
5845| [65209] SLES9: Security update for apache2-worker
5846| [65207] SLES9: Security update for Apache 2
5847| [65168] SLES9: Security update for apache2-mod_python
5848| [65142] SLES9: Security update for Apache2
5849| [65136] SLES9: Security update for Apache 2
5850| [65132] SLES9: Security update for apache
5851| [65131] SLES9: Security update for Apache 2 oes/CORE
5852| [65113] SLES9: Security update for apache2
5853| [65072] SLES9: Security update for apache and mod_ssl
5854| [65017] SLES9: Security update for Apache 2
5855| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
5856| [64783] FreeBSD Ports: apache
5857| [64774] Ubuntu USN-802-2 (apache2)
5858| [64653] Ubuntu USN-813-2 (apache2)
5859| [64559] Debian Security Advisory DSA 1834-2 (apache2)
5860| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
5861| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
5862| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
5863| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
5864| [64443] Ubuntu USN-802-1 (apache2)
5865| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
5866| [64423] Debian Security Advisory DSA 1834-1 (apache2)
5867| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
5868| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
5869| [64251] Debian Security Advisory DSA 1816-1 (apache2)
5870| [64201] Ubuntu USN-787-1 (apache2)
5871| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
5872| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
5873| [63565] FreeBSD Ports: apache
5874| [63562] Ubuntu USN-731-1 (apache2)
5875| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
5876| [61185] FreeBSD Ports: apache
5877| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
5878| [60387] Slackware Advisory SSA:2008-045-02 apache
5879| [58826] FreeBSD Ports: apache-tomcat
5880| [58825] FreeBSD Ports: apache-tomcat
5881| [58804] FreeBSD Ports: apache
5882| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
5883| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
5884| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
5885| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
5886| [57335] Debian Security Advisory DSA 1167-1 (apache)
5887| [57201] Debian Security Advisory DSA 1131-1 (apache)
5888| [57200] Debian Security Advisory DSA 1132-1 (apache2)
5889| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
5890| [57145] FreeBSD Ports: apache
5891| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
5892| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
5893| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
5894| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
5895| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
5896| [56067] FreeBSD Ports: apache
5897| [55803] Slackware Advisory SSA:2005-310-04 apache
5898| [55519] Debian Security Advisory DSA 839-1 (apachetop)
5899| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
5900| [55355] FreeBSD Ports: apache
5901| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
5902| [55261] Debian Security Advisory DSA 805-1 (apache2)
5903| [55259] Debian Security Advisory DSA 803-1 (apache)
5904| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
5905| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
5906| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
5907| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
5908| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
5909| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
5910| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
5911| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
5912| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
5913| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
5914| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
5915| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
5916| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
5917| [54439] FreeBSD Ports: apache
5918| [53931] Slackware Advisory SSA:2004-133-01 apache
5919| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
5920| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
5921| [53878] Slackware Advisory SSA:2003-308-01 apache security update
5922| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
5923| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
5924| [53848] Debian Security Advisory DSA 131-1 (apache)
5925| [53784] Debian Security Advisory DSA 021-1 (apache)
5926| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
5927| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
5928| [53735] Debian Security Advisory DSA 187-1 (apache)
5929| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
5930| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
5931| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
5932| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
5933| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
5934| [53282] Debian Security Advisory DSA 594-1 (apache)
5935| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
5936| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
5937| [53215] Debian Security Advisory DSA 525-1 (apache)
5938| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
5939| [52529] FreeBSD Ports: apache+ssl
5940| [52501] FreeBSD Ports: apache
5941| [52461] FreeBSD Ports: apache
5942| [52390] FreeBSD Ports: apache
5943| [52389] FreeBSD Ports: apache
5944| [52388] FreeBSD Ports: apache
5945| [52383] FreeBSD Ports: apache
5946| [52339] FreeBSD Ports: apache+mod_ssl
5947| [52331] FreeBSD Ports: apache
5948| [52329] FreeBSD Ports: ru-apache+mod_ssl
5949| [52314] FreeBSD Ports: apache
5950| [52310] FreeBSD Ports: apache
5951| [15588] Detect Apache HTTPS
5952| [15555] Apache mod_proxy content-length buffer overflow
5953| [15554] Apache mod_include priviledge escalation
5954| [14771] Apache <= 1.3.33 htpasswd local overflow
5955| [14177] Apache mod_access rule bypass
5956| [13644] Apache mod_rootme Backdoor
5957| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
5958| [12280] Apache Connection Blocking Denial of Service
5959| [12239] Apache Error Log Escape Sequence Injection
5960| [12123] Apache Tomcat source.jsp malformed request information disclosure
5961| [12085] Apache Tomcat servlet/JSP container default files
5962| [11438] Apache Tomcat Directory Listing and File disclosure
5963| [11204] Apache Tomcat Default Accounts
5964| [11092] Apache 2.0.39 Win32 directory traversal
5965| [11046] Apache Tomcat TroubleShooter Servlet Installed
5966| [11042] Apache Tomcat DOS Device Name XSS
5967| [11041] Apache Tomcat /servlet Cross Site Scripting
5968| [10938] Apache Remote Command Execution via .bat files
5969| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
5970| [10773] MacOS X Finder reveals contents of Apache Web files
5971| [10766] Apache UserDir Sensitive Information Disclosure
5972| [10756] MacOS X Finder reveals contents of Apache Web directories
5973| [10752] Apache Auth Module SQL Insertion Attack
5974| [10704] Apache Directory Listing
5975| [10678] Apache /server-info accessible
5976| [10677] Apache /server-status accessible
5977| [10440] Check for Apache Multiple / vulnerability
5978|
5979| SecurityTracker - https://www.securitytracker.com:
5980| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
5981| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
5982| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
5983| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
5984| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
5985| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
5986| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
5987| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
5988| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
5989| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
5990| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
5991| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
5992| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
5993| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
5994| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
5995| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
5996| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
5997| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
5998| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
5999| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
6000| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
6001| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
6002| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
6003| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
6004| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
6005| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
6006| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
6007| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
6008| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
6009| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
6010| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
6011| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
6012| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
6013| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
6014| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
6015| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
6016| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
6017| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
6018| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
6019| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
6020| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
6021| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
6022| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
6023| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
6024| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
6025| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
6026| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
6027| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
6028| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
6029| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
6030| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
6031| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
6032| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
6033| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
6034| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
6035| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
6036| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
6037| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
6038| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
6039| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
6040| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
6041| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
6042| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
6043| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
6044| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
6045| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
6046| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
6047| [1024096] Apache mod_proxy_http May Return Results for a Different Request
6048| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
6049| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
6050| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
6051| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
6052| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
6053| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
6054| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
6055| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
6056| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
6057| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
6058| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
6059| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
6060| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
6061| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
6062| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
6063| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
6064| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
6065| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
6066| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
6067| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
6068| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
6069| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
6070| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
6071| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
6072| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
6073| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
6074| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
6075| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
6076| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
6077| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
6078| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
6079| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
6080| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
6081| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
6082| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
6083| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
6084| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
6085| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
6086| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
6087| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
6088| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
6089| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
6090| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
6091| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
6092| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
6093| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
6094| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
6095| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
6096| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
6097| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
6098| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
6099| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
6100| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
6101| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
6102| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
6103| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
6104| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
6105| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
6106| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
6107| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
6108| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
6109| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
6110| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
6111| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
6112| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
6113| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
6114| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
6115| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
6116| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
6117| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
6118| [1008920] Apache mod_digest May Validate Replayed Client Responses
6119| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
6120| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
6121| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
6122| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
6123| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
6124| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
6125| [1008030] Apache mod_rewrite Contains a Buffer Overflow
6126| [1008029] Apache mod_alias Contains a Buffer Overflow
6127| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
6128| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
6129| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
6130| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
6131| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
6132| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
6133| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
6134| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
6135| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
6136| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
6137| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
6138| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
6139| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
6140| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
6141| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
6142| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
6143| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
6144| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
6145| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
6146| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
6147| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
6148| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
6149| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
6150| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
6151| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
6152| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
6153| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
6154| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
6155| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
6156| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
6157| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
6158| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
6159| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
6160| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
6161| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
6162| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
6163| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
6164| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
6165| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
6166| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
6167| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
6168| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
6169| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
6170| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
6171| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
6172| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
6173| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
6174| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
6175| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
6176| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
6177| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
6178| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
6179| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
6180| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
6181| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
6182| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
6183|
6184| OSVDB - http://www.osvdb.org:
6185| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
6186| [96077] Apache CloudStack Global Settings Multiple Field XSS
6187| [96076] Apache CloudStack Instances Menu Display Name Field XSS
6188| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
6189| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
6190| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
6191| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
6192| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
6193| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
6194| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
6195| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
6196| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
6197| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
6198| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
6199| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
6200| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
6201| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
6202| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
6203| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
6204| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
6205| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
6206| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
6207| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
6208| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
6209| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
6210| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
6211| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
6212| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
6213| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
6214| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
6215| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
6216| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
6217| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
6218| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
6219| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
6220| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
6221| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
6222| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
6223| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
6224| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
6225| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
6226| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
6227| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
6228| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
6229| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
6230| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
6231| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
6232| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
6233| [94279] Apache Qpid CA Certificate Validation Bypass
6234| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
6235| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
6236| [94042] Apache Axis JAX-WS Java Unspecified Exposure
6237| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
6238| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
6239| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
6240| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
6241| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
6242| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
6243| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
6244| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
6245| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
6246| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
6247| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
6248| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
6249| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
6250| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
6251| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
6252| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
6661| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
6662| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
6663| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6664| [58763] Apache JSPWiki Include Tag Multiple Script XSS
6665| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
6666| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
6667| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
6668| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
6669| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
6670| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
6671| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
6672| [58755] Apache Harmony DRLVM Non-public Class Member Access
6673| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
6674| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
6675| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
6676| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
6677| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
6678| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
6679| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
6680| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
6681| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
6682| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
6683| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
6684| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
6685| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
6686| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
6687| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
6688| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
6689| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
6690| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
6691| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
6692| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
6693| [58725] Apache Tapestry Basic String ACL Bypass Weakness
6694| [58724] Apache Roller Logout Functionality Failure Session Persistence
6695| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
6696| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
6697| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
6698| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
6699| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
6700| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
6701| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
6702| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
6703| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
6704| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
6705| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
6706| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
6707| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
6708| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
6709| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
6710| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
6711| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
6712| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
6713| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
6714| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
6715| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
6716| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
6717| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
6718| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
6719| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
6720| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
6721| [58687] Apache Axis Invalid wsdl Request XSS
6722| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
6723| [58685] Apache Velocity Template Designer Privileged Code Execution
6724| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6725| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
6726| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
6727| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
6728| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
6729| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
6730| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
6731| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
6732| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
6733| [58667] Apache Roller Database Cleartext Passwords Disclosure
6734| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
6735| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
6736| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
6737| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
6738| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
6739| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
6740| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
6741| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
6742| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
6743| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
6744| [56984] Apache Xerces2 Java Malformed XML Input DoS
6745| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
6746| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
6747| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
6748| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
6749| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
6750| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
6751| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
6752| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
6753| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
6754| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
6755| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
6756| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
6757| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
6758| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
6759| [55056] Apache Tomcat Cross-application TLD File Manipulation
6760| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
6761| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
6762| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
6763| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
6764| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
6765| [54589] Apache Jserv Nonexistent JSP Request XSS
6766| [54122] Apache Struts s:a / s:url Tag href Element XSS
6767| [54093] Apache ActiveMQ Web Console JMS Message XSS
6768| [53932] Apache Geronimo Multiple Admin Function CSRF
6769| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
6770| [53930] Apache Geronimo /console/portal/ URI XSS
6771| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
6772| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
6773| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
6774| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
6775| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
6776| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
6777| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
6778| [53380] Apache Struts Unspecified XSS
6779| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
6780| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
6781| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
6782| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
6783| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6784| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
6785| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
6786| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
6787| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
6788| [51151] Apache Roller Search Function q Parameter XSS
6789| [50482] PHP with Apache php_value Order Unspecified Issue
6790| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
6791| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
6792| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
6793| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
6794| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
6795| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
6796| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
6797| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
6798| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
6799| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
6800| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
6801| [47096] Oracle Weblogic Apache Connector POST Request Overflow
6802| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
6803| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
6804| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
6805| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
6806| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
6807| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
6808| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
6809| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
6810| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
6811| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
6812| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
6813| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
6814| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
6815| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
6816| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
6817| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
6818| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
6819| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
6820| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
6821| [43452] Apache Tomcat HTTP Request Smuggling
6822| [43309] Apache Geronimo LoginModule Login Method Bypass
6823| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
6824| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
6825| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
6826| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
6827| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
6828| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
6829| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
6830| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
6831| [42091] Apache Maven Site Plugin Installation Permission Weakness
6832| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
6833| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
6834| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
6835| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
6836| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
6837| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
6838| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
6839| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
6840| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
6841| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
6842| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
6843| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
6844| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
6845| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
6846| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
6847| [40262] Apache HTTP Server mod_status refresh XSS
6848| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
6849| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
6850| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
6851| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
6852| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
6853| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
6854| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
6855| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
6856| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
6857| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
6858| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
6859| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
6860| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
6861| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
6862| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
6863| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
6864| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
6865| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
6866| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
6867| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
6868| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
6869| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
6870| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
6871| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
6872| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
6873| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
6874| [36080] Apache Tomcat JSP Examples Crafted URI XSS
6875| [36079] Apache Tomcat Manager Uploaded Filename XSS
6876| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
6877| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
6878| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
6879| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
6880| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
6881| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
6882| [34881] Apache Tomcat Malformed Accept-Language Header XSS
6883| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
6884| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
6885| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
6886| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
6887| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
6888| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
6889| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
6890| [34873] Apache Stats Variable Extraction _REQUEST Superglobal Array Overwrite
6891| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
6892| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
6893| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
6894| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
6895| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
6896| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
6897| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
6898| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
6899| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
6900| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
6901| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
6902| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
6903| [32724] Apache mod_python _filter_read Freed Memory Disclosure
6904| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
6905| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
6906| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
6907| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
6908| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
6909| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
6910| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
6911| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
6912| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
6913| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
6914| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
6915| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
6916| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
6917| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
6918| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
6919| [24365] Apache Struts Multiple Function Error Message XSS
6920| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
6921| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
6922| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
6923| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
6924| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
6925| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
6926| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
6927| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
6928| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
6929| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
6930| [22459] Apache Geronimo Error Page XSS
6931| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
6932| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
6933| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
6934| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
6935| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
6936| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
6937| [21021] Apache Struts Error Message XSS
6938| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
6939| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
6940| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
6941| [20439] Apache Tomcat Directory Listing Saturation DoS
6942| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
6943| [20285] Apache HTTP Server Log File Control Character Injection
6944| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
6945| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
6946| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
6947| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
6948| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
6949| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
6950| [19821] Apache Tomcat Malformed Post Request Information Disclosure
6951| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
6952| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
6953| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
6954| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
6955| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
6956| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
6957| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
6958| [18233] Apache HTTP Server htdigest user Variable Overflow
6959| [17738] Apache HTTP Server HTTP Request Smuggling
6960| [16586] Apache HTTP Server Win32 GET Overflow DoS
6961| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
6962| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
6963| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
6964| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
6965| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
6966| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
6967| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
6968| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
6969| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
6970| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
6971| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
6972| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
6973| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
6974| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
6975| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
6976| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
6977| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
6978| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
6979| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
6980| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
6981| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
6982| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
6983| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
6984| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
6985| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
6986| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
6987| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
6988| [13304] Apache Tomcat realPath.jsp Path Disclosure
6989| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
6990| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
6991| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
6992| [12848] Apache HTTP Server htdigest realm Variable Overflow
6993| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
6994| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
6995| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
6996| [12557] Apache HTTP Server prefork MPM accept Error DoS
6997| [12233] Apache Tomcat MS-DOS Device Name Request DoS
6998| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
6999| [12231] Apache Tomcat web.xml Arbitrary File Access
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X (87%)
OS CPE: cpe:/o:linux:linux_kernel:4.2
Aggressive OS guesses: Linux 4.2 (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 24.964 days (since Mon Dec 23 16:08:55 2019)
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 105.20 ms 10.243.204.1
2 135.70 ms 104.245.145.177
3 135.73 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 135.75 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5 135.75 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
6 135.75 ms ix-ae-16-0.tcore1.tnk-toronto.as6453.net (64.86.33.98)
7 272.63 ms if-ae-2-2.tcore2.tnk-toronto.as6453.net (64.86.33.90)
8 303.04 ms if-ae-8-2.tcore1.ct8-chicago.as6453.net (66.110.48.2)
9 303.10 ms if-ae-29-2.tcore2.sqn-san-jose.as6453.net (64.86.21.104)
10 194.93 ms if-ae-1-2.tcore1.sqn-san-jose.as6453.net (63.243.205.1)
11 222.12 ms if-ae-18-2.tcore2.sv1-santa-clara.as6453.net (63.243.205.73)
12 261.50 ms if-et-5-2.hcore1.kv8-chiba.as6453.net (209.58.86.143)
13 232.21 ms if-ae-21-2.tcore1.tv2-tokyo.as6453.net (120.29.217.66)
14 261.49 ms 180.87.180.62
15 ... 16
17 230.59 ms 54.239.52.93
18 203.87 ms 52.95.30.20
19 ... 21
22 231.46 ms 52.95.31.13
23 232.58 ms 52.95.31.201
24 264.76 ms 52.95.31.166
25 273.62 ms 52.95.31.132
26 265.59 ms 52.95.30.216
27 ... 30

NSE: Script Post-scanning.
Initiating NSE at 15:16
Completed NSE at 15:16, 0.00s elapsed
Initiating NSE at 15:16
Completed NSE at 15:16, 0.00s elapsed
#######################################################################################################################################
https://52.198.68.5 [200 OK] Apache, Country[UNITED STATES][US], HTML5, HTTPServer[Apache], IP[52.198.68.5], JQuery, Open-Graph-Protocol[website], Script[text/javascript], Title[HOME | VANTEC CORPORATION], X-UA-Compatible[IE=edge]
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 15:16 EST
NSE: Loaded 162 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 15:16
Completed NSE at 15:16, 0.00s elapsed
Initiating NSE at 15:16
Completed NSE at 15:16, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 15:16
Completed Parallel DNS resolution of 1 host. at 15:16, 0.02s elapsed
Initiating SYN Stealth Scan at 15:16
Scanning ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5) [1 port]
Discovered open port 443/tcp on 52.198.68.5
Completed SYN Stealth Scan at 15:16, 0.23s elapsed (1 total ports)
Initiating Service scan at 15:16
Scanning 1 service on ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Completed Service scan at 15:17, 13.46s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Retrying OS detection (try #2) against ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Initiating Traceroute at 15:17
Completed Traceroute at 15:17, 3.71s elapsed
Initiating Parallel DNS resolution of 21 hosts. at 15:17
Completed Parallel DNS resolution of 21 hosts. at 15:17, 0.30s elapsed
NSE: Script scanning 52.198.68.5.
Initiating NSE at 15:17
Completed NSE at 15:18, 91.15s elapsed
Initiating NSE at 15:18
Completed NSE at 15:18, 2.00s elapsed
Nmap scan report for ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Host is up (0.21s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 1680.08ms; min: 1388.90ms; max: 2293.07ms
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com
| Found the following possible CSRF vulnerabilities:
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/sustainability/compliance/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/service/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/service/transportation/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/japanese/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_jp__gr_jp/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/sustainability/safety/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/aboutus/number/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/service/scm-support/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/th/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__val__val/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/career/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/service/warehousing/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/sustainability/environment/
| Form id: mf_form_phrase
| Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|
| Path: http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/vehicle/
| Form id: mf_form_phrase
|_ Form action: //mf2apr02.marsflag.com/vantec__gr_en__gr_en/search.x
|_http-date: Fri, 17 Jan 2020 20:17:34 GMT; -4s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com
| Found the following error pages:
|
| Error Code: 400
|_ http://ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com:443/network/json/network.json
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Date: Fri, 17 Jan 2020 20:17:33 GMT
| Server: Apache
| Last-Modified: Mon, 29 Jul 2019 03:11:36 GMT
| ETag: "9078-58ec93ff2ca00"
| Accept-Ranges: bytes
| Content-Length: 36984
| Connection: close
| Content-Type: text/html; charset=UTF-8
|
|_ (Request type: HEAD)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-mobileversion-checker: No mobile version detected.
| http-php-version: Logo query returned unknown hash 9037e0e8509d19ca36c435434ecde85a
|_Credits query returned unknown hash 9037e0e8509d19ca36c435434ecde85a
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1; ico: 1
| /aboutus/
| Other: 1
| /career/message/
| Other: 1
| /common/css/
| css: 1
| /common/js/
| js: 4
| /common/js/leaflet/
| css: 2
| /news/pdf/
| pdf: 1
| /policy/
| Other: 1
| /service/scm-support/
| Other: 1
| /service/value-added/
| Other: 1
| /service/warehousing/
| Other: 1
| /solution/
| Other: 1
| /solution/scm/
| Other: 1
| /sustainability/
| Other: 1
| /sustainability/risk/
| Other: 1
| Longest directory structure:
| Depth: 3
| Dir: /common/js/leaflet/
| Total files found (by extension):
|_ Other: 11; css: 3; ico: 1; js: 4; pdf: 1
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: 400 Bad Request
| http-vhosts:
| smtp.ap-northeast-1.compute.amazonaws.com : 400
| mail3.ap-northeast-1.compute.amazonaws.com : 400
| ads.ap-northeast-1.compute.amazonaws.com : 400
| test.ap-northeast-1.compute.amazonaws.com : 400
| mssql.ap-northeast-1.compute.amazonaws.com : 400
| whois.ap-northeast-1.compute.amazonaws.com : 400
| xml.ap-northeast-1.compute.amazonaws.com : 400
| eshop.ap-northeast-1.compute.amazonaws.com : 400
|_119 names had status 200
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
7533| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
7534| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
7535| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
7536| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
7537| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
7538| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
7539| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
7540| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
7541| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
7542| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
7543| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
7544| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
7545| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
7546| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
7547| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
7548| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
7549| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
7550| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
7551| [127007] Apache Spark Request Code Execution
7552| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
7553| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
7554| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
7555| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
7556| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
7557| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
7558| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
7559| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
7560| [126346] Apache Tomcat Path privilege escalation
7561| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
7562| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
7563| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
7564| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
7565| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
7566| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
7567| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
7568| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
7569| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
7570| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
7571| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
7572| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7573| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
7574| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
7575| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
7576| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
7577| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
7578| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
7579| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
7580| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
7581| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
7582| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
7583| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
7584| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
7585| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
7586| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
7587| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
7588| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
7589| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
7590| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
7591| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
7592| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
7593| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
7594| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
7595| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
7596| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
7597| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
7598| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
7599| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
7600| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
7601| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
7602| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
7603| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
7604| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
7605| [123197] Apache Sentry up to 2.0.0 privilege escalation
7606| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
7607| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
7608| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
7609| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
7610| [122800] Apache Spark 1.3.0 REST API weak authentication
7611| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
7612| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
7613| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
7614| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
7615| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
7616| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
7617| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
7618| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
7619| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
7620| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
7621| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
7622| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
7623| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
7624| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
7625| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
7626| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
7627| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
7628| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
7629| [121354] Apache CouchDB HTTP API Code Execution
7630| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
7631| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
7632| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
7633| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
7634| [120168] Apache CXF weak authentication
7635| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
7636| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
7637| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
7638| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
7639| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
7640| [119306] Apache MXNet Network Interface privilege escalation
7641| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
7642| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
7643| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
7644| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
7645| [118143] Apache NiFi activemq-client Library Deserialization denial of service
7646| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
7647| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
7648| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
7649| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
7650| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
7651| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
7652| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
7653| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
7654| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
7655| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
7656| [117115] Apache Tika up to 1.17 tika-server command injection
7657| [116929] Apache Fineract getReportType Parameter privilege escalation
7658| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
7659| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
7660| [116926] Apache Fineract REST Parameter privilege escalation
7661| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
7662| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
7663| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
7664| [115883] Apache Hive up to 2.3.2 privilege escalation
7665| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
7666| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
7667| [115518] Apache Ignite 2.3 Deserialization privilege escalation
7668| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
7669| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
7670| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
7671| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
7672| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
7673| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
7674| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
7675| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
7676| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
7677| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
7678| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
7679| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
7680| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
7681| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
7682| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
7683| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
7684| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
7685| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
7686| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
7687| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
7688| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
7689| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
7690| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
7691| [113895] Apache Geode up to 1.3.x Code Execution
7692| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
7693| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
7694| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
7695| [113747] Apache Tomcat Servlets privilege escalation
7696| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
7697| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
7698| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
7699| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
7700| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
7701| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7702| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
7703| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7704| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
7705| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
7706| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
7707| [112885] Apache Allura up to 1.8.0 File information disclosure
7708| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
7709| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
7710| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
7711| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
7712| [112625] Apache POI up to 3.16 Loop denial of service
7713| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
7714| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
7715| [112339] Apache NiFi 1.5.0 Header privilege escalation
7716| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
7717| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
7718| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
7719| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
7720| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
7721| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
7722| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
7723| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
7724| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
7725| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
7726| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
7727| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
7728| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
7729| [112114] Oracle 9.1 Apache Log4j privilege escalation
7730| [112113] Oracle 9.1 Apache Log4j privilege escalation
7731| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
7732| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
7733| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
7734| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
7735| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
7736| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
7737| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
7738| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
7739| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
7740| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
7741| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
7742| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
7743| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
7744| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
7745| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
7746| [110701] Apache Fineract Query Parameter sql injection
7747| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
7748| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
7749| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
7750| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
7751| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
7752| [110106] Apache CXF Fediz Spring cross site request forgery
7753| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
7754| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
7755| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
7756| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
7757| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
7758| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
7759| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
7760| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
7761| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
7762| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
7763| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
7764| [108938] Apple macOS up to 10.13.1 apache denial of service
7765| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
7766| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
7767| [108935] Apple macOS up to 10.13.1 apache denial of service
7768| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
7769| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
7770| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
7771| [108931] Apple macOS up to 10.13.1 apache denial of service
7772| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
7773| [108929] Apple macOS up to 10.13.1 apache denial of service
7774| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
7775| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
7776| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
7777| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
7778| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
7779| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
7780| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
7781| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
7782| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
7783| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
7784| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
7785| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
7786| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
7787| [108782] Apache Xerces2 XML Service denial of service
7788| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
7789| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
7790| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
7791| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
7792| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
7793| [108629] Apache OFBiz up to 10.04.01 privilege escalation
7794| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
7795| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
7796| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
7797| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
7798| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
7799| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
7800| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
7801| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
7802| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
7803| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
7804| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
7805| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
7806| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
7807| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
7808| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
7809| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
7810| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
7811| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7812| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
7813| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
7814| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
7815| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
7816| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
7817| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
7818| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
7819| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
7820| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
7821| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
7822| [107639] Apache NiFi 1.4.0 XML External Entity
7823| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
7824| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
7825| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
7826| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
7827| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
7828| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
7829| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
7830| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
7831| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
7832| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
7833| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
7834| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7835| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7836| [107197] Apache Xerces Jelly Parser XML File XML External Entity
7837| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
7838| [107084] Apache Struts up to 2.3.19 cross site scripting
7839| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
7840| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
7841| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
7842| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
7843| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
7844| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
7845| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
7846| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
7847| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
7848| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
7849| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
7850| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
7851| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7852| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7853| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
7854| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
7855| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
7856| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
7857| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
7858| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
7859| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
7860| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
7861| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
7862| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
7863| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
7864| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
7865| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
7866| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
7867| [105878] Apache Struts up to 2.3.24.0 privilege escalation
7868| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
7869| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
7870| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
7871| [105643] Apache Pony Mail up to 0.8b weak authentication
7872| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
7873| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
7874| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
7875| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
7876| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
7877| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
7878| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
7879| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
7880| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
7881| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
7882| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
7883| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
7884| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
7885| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
7886| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
7887| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
7888| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
7889| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUpload denial of service
7890| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
7891| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
7892| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
7893| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
7894| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
7895| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
7896| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
7897| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
7898| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
7899| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
7900| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
7901| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
7902| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
7903| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
7904| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
7905| [103690] Apache OpenMeetings 1.0.0 sql injection
7906| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
7907| [103688] Apache OpenMeetings 1.0.0 weak encryption
7908| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
7909| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
7910| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
7911| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
7912| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
7913| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
7914| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
7915| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
7916| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
7917| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
7918| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
7919| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
7920| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
7921| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
7922| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
7923| [103352] Apache Solr Node weak authentication
7924| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
7925| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
7926| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
7927| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
7928| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
7929| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
7930| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
7931| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
7932| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
7933| [102536] Apache Ranger up to 0.6 Stored cross site scripting
7934| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
7935| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
7936| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
7937| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
7938| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
7939| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
7940| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
7941| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
7942| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
7943| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
7944| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
7945| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
7946| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
7947| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
7948| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
7949| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
7950| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
7951| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
7952| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
7953| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
7954| [99937] Apache Batik up to 1.8 privilege escalation
7955| [99936] Apache FOP up to 2.1 privilege escalation
7956| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
7957| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
7958| [99930] Apache Traffic Server up to 6.2.0 denial of service
7959| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
7960| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
7961| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
7962| [117569] Apache Hadoop up to 2.7.3 privilege escalation
7963| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
7964| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
7965| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
7966| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
7967| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
7968| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
7969| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
7970| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
7971| [99014] Apache Camel Jackson/JacksonXML privilege escalation
7972| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7973| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
7974| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7975| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
7976| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
7977| [98605] Apple macOS up to 10.12.3 Apache denial of service
7978| [98604] Apple macOS up to 10.12.3 Apache denial of service
7979| [98603] Apple macOS up to 10.12.3 Apache denial of service
7980| [98602] Apple macOS up to 10.12.3 Apache denial of service
7981| [98601] Apple macOS up to 10.12.3 Apache denial of service
7982| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
7983| [98405] Apache Hadoop up to 0.23.10 privilege escalation
7984| [98199] Apache Camel Validation XML External Entity
7985| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
7986| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
7987| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
7988| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
7989| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
7990| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
7991| [97081] Apache Tomcat HTTPS Request denial of service
7992| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
7993| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
7994| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
7995| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
7996| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
7997| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
7998| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
7999| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
8000| [95311] Apache Storm UI Daemon privilege escalation
8001| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
8002| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
8003| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
8004| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
8005| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
8006| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
8007| [94540] Apache Tika 1.9 tika-server File information disclosure
8008| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
8009| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
8010| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
8011| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
8012| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
8013| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
8014| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
8015| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
8016| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
8017| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
8018| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
8019| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
8020| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
8021| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
8022| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
8023| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
8024| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
8025| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
8026| [93532] Apache Commons Collections Library Java privilege escalation
8027| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
8028| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
8029| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
8030| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
8031| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
8032| [93098] Apache Commons FileUpload privilege escalation
8033| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
8034| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
8035| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
8036| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
8037| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
8038| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
8039| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
8040| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
8041| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
8042| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
8043| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
8044| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
8045| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
8046| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
8047| [92549] Apache Tomcat on Red Hat privilege escalation
8048| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
8049| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
8050| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
8051| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
8052| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
8053| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
8054| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
8055| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
8056| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
8057| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
8058| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
8059| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
8060| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
8061| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
8062| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
8063| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
8064| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
8065| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
8066| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
8067| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
8068| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
8069| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
8070| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
8071| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
8072| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
8073| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
8074| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
8075| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
8076| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
8077| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
8078| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
8079| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
8080| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
8081| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
8082| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
8083| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
8084| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
8085| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
8086| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
8087| [90263] Apache Archiva Header denial of service
8088| [90262] Apache Archiva Deserialize privilege escalation
8089| [90261] Apache Archiva XML DTD Connection privilege escalation
8090| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
8091| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
8092| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
8093| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
8094| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
8095| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
8096| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
8097| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
8098| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
8099| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
8100| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
8101| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
8102| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
8103| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
8104| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
8105| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
8106| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
8107| [87765] Apache James Server 2.3.2 Command privilege escalation
8108| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
8109| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
8110| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
8111| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
8112| [87703] Apache Qpid Java up to 6.0.2 PlainSaslServer.java denial of service
8113| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
8114| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
8115| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
8116| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
8117| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8118| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8119| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
8120| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
8121| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
8122| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8123| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8124| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
8125| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
8126| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
8127| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
8128| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
8129| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
8130| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
8131| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
8132| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
8133| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
8134| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
8135| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
8136| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
8137| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
8138| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
8139| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
8140| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
8141| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
8142| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
8143| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
8144| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
8145| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
8146| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
8147| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
8148| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
8149| [82076] Apache Ranger up to 0.5.1 privilege escalation
8150| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
8151| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
8152| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
8153| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
8154| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
8155| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
8156| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
8157| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
8158| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
8159| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
8160| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
8161| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
8162| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
8163| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
8164| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
8165| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
8166| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
8167| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
8168| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
8169| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
8170| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
8171| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
8172| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
8173| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
8174| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
8175| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
8176| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
8177| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
8178| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
8179| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
8180| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
8181| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
8182| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
8183| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
8184| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
8185| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
8186| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
8187| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
8188| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
8189| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
8190| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
8191| [79791] Cisco Products Apache Commons Collections Library privilege escalation
8192| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
8193| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
8194| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
8195| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
8196| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
8197| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
8198| [78989] Apache Ambari up to 2.1.1 Open Redirect
8199| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
8200| [78987] Apache Ambari up to 2.0.x cross site scripting
8201| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
8202| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
8203| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
8204| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8205| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8206| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8207| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8208| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8209| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
8210| [77406] Apache Flex BlazeDS AMF Message XML External Entity
8211| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
8212| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
8213| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
8214| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
8215| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
8216| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
8217| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
8218| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
8219| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
8682| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
8683| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
8684| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
8685| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
8686| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
8687| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
8688| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
8689| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
8690| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
8691| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
8692| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
8693| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
8694| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
8695| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
8696| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
8697| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
8698| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
8699| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
8700| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
8701| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
8702| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
8703| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
8704| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
8705| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
8706| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
8707| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
8708| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
8709| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
8710| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8711| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
8712| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
8713| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
8714| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
8715| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
8716| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
8717| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
8718| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
8719| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
8720| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
8721| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8722| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8723| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8724| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8725| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
8726| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
8727| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
8728| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
8729| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
8730| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
8731| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
8732| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
8733| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
8734| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
8735| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
8736| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
8737| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
8738| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
8739| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
8740| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
8741| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
8742| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
8743| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
8744| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8745| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
8746| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
8747| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
8748| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
8749| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
8750| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
8751| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
8752| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
8753| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
8754| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
8755| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
8756| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
8757| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
8758| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
8759| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
8760| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
8761| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
8762| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
8763| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
8764| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
8765| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
8766| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
8767| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
8768| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
8769| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
8770| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
8771| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
8772| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
8773| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
8774| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
8775| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
8883| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
8884| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
8885| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
8886| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
8887| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
8888| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
8889| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
8890| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
8891| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
8892| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
8893| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
8894| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
8895| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
8896| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
8897| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
8898| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
8899| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
8900| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8901| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
8902| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
8903| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
8904| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
8905| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
8906| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
8907| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
8908| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
8909| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
8910| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8911| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
8912| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
8913| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
8914| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
8915| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
8916| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
8917| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
8918| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
8919| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
8920| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
8921| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
8922| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
8923| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
8924| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
8925| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
8926| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
8927| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
8928| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
8929| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
8930| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
8931| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
8932| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
8933| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
8934| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
8935| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
8936| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
8937| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
8938| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
8939| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
8940| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
8941| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
8942| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
8943| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
8944| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
8945| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
8946| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
8947| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
8948| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
8949| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8950| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
8951| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
8952| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
8953| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
8954| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
8955| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
8956| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
8957| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
8958| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
8959| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
8960| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
8961| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
8962| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
8963| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
8964| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
8965| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
8966| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
8967| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
8968| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
8969| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
8970| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
8971| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
8972| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
8973| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8974| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8975| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
8976| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
8977| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
8978| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
8979| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
8980| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
8981| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
8982| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
8983| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
8984| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
8985| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8986| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8987| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
8988| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
8989| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
8990| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8991| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
8992| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
8993| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
8994| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
8995| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
8996| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
8997| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
8998| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
8999| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9000| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
9001| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
9002| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
9003| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
9004| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
9005| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
9006| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
9007| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
9008| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
9009| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
9010| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
9011| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
9012| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
9013| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
9014| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
9015| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
9016| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
9017| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
9018| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
9019| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
9020| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
9021| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
9022| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
9023| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
9024| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
9025| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
9026| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
9027| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9028| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9029| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
9030| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
9031| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
9032| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9033| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
9034| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
9035| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
9036| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
9037| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
9038| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
9039| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
9040| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
9041| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
9042| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
9043| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
9044| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
9045| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
9046| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9047| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9048| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
9049| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
9050| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
9051| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
9052| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
9053| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
9054| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
9055| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9056| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
9057| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9058| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
9059| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
9060| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
9061| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9062| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
9063| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9064| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
9065| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
9066| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9067| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
9068| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
9069| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
9070| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
9071| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
9072| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
9073| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
9074| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
9075| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9076| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
9077| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
9078| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
9079| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
9080| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
9081| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
9082| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
9083| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
9084| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
9085| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
9086| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
9087| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
9088| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
9089| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
9090| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
9091| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
9092| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
9093| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
9094| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
9095| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
9096| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
9097| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9098| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9099| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
9100| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
9101| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
9102| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
9103| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
9104| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
9105| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
9106| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
9107| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
9108| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
9109| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
9110| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
9111| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
9112| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
9113| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
9114| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
9115| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
9116| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
9117| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
9118| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
9119| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
9120| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
9121| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
9122| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9123| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9124| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9125| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
9126| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
9127| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
9128| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
9129| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
9130| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
9131| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
9132| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
9133| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
9134| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
9135| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
9136| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
9137| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
9138| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
9139| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
9140| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
9141| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
9142| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
9143| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
9144| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
9145| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
9146| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
9147| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
9148| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
9149| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
9150| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
9151| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
9152| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
9153| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
9154| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
9155| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
9156| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
9157| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
9158| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
9159| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
9160| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
9161| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
9162| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
9163| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
9164| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
9165| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
9166| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
9167| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9168| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9169| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
9170| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
9171| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
9172| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
9173| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
9174| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
9175| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
9176| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
9177| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
9178| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
9179| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
9180| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
9181| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
9182| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
9183| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
9184| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
9185| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
9186| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
9187| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
9188| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
9189| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
9190| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
9191| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
9192| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
9193| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
9194| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
9195| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
9196| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
9197| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
9198| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
9199| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
9200| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
9201| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
9202| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
9203| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
9204| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
9205| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
9206| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
9207| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
9208| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
9209| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
9210| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
9211| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
9212| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
9213| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
9214| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9215| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
9216| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
9217| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
9218| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
9219| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
9220| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
9221| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
9222| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
9223| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
9224| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
9225| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
9226| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
9227| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
9228| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
9229| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
9230| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
9231| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
9232| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
9233| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
9234| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
9235| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
9236| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
9237| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
9238| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
9239| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
9240| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
9241| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
9242| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
9243| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
9244| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
9245| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
9246| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
9247| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
9248| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
9249| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
9250| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
9251| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
9252| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
9253| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
9254| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
9255| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
9256| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
9257| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
9258| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
9259| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
9260| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
9261| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
9262| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
9263| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
9264| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
9265| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
9266| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
9267| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
9268| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
9269| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9270| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
9271| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
9272| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
9273| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
9274| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
9275| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
9276| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
9277| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
9278| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
9279| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
9280| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
9281| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
9282| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
9283| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
9284| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
9285| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
9286| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
9287| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
9288| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
9289|
9290| SecurityFocus - https://www.securityfocus.com/bid/:
9291| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
9292| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
9293| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
9294| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
9295| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
9296| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
9297| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
9298| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
9299| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
9300| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
9301| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
9302| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
9303| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
9304| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
9305| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
9306| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
9307| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
9308| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
9309| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
9310| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
9311| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
9312| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
9313| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
9314| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
9315| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
9316| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
9317| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
9318| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
9319| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
9320| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
9321| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
9322| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
9323| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
9324| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
9325| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
9326| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
9327| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
9328| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
9329| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
9330| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
9331| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
9332| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
9333| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
9334| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
9335| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
9336| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
9337| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
9338| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
9339| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
9340| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
9341| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
9342| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
9343| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
9344| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
9345| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
9346| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
9347| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
9348| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
9349| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
9350| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
9351| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
9352| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
9353| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
9354| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
9355| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
9356| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
9357| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
9358| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
9359| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
9360| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
9361| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
9362| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
9363| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
9364| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
9365| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
9366| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
9367| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
9368| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
9369| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
9370| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
9371| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
9372| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
9373| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
9374| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
9375| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
9376| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
9377| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
9378| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
9379| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
9380| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
9381| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
9382| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
9383| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
9384| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
9385| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
9386| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
9387| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
9388| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
9389| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
9390| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
9391| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
9392| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
9393| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
9394| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
9395| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
9396| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
9397| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
9398| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
9399| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
9400| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
9401| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
9402| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
9403| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
9404| [100447] Apache2Triad Multiple Security Vulnerabilities
9405| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
9406| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
9407| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
9408| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
9409| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
9410| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
9411| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
9412| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
9413| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
9414| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
9415| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
9416| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
9417| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
9418| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
9419| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
9420| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
9421| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
9422| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
9423| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
9424| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
9425| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
9426| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
9427| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
9428| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
9429| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
9430| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
9431| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
9432| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
9433| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
9434| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
9435| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
9436| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
9437| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
9438| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
9439| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
9440| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
9441| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
9442| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
9443| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
9444| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
9445| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
9446| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
9447| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
9448| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
9449| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
9450| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
9451| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
9452| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
9453| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
9454| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
9455| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
9456| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
9457| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
9458| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
9459| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
9460| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
9461| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
9462| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
9463| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
9464| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
9465| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
9466| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
9467| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
9468| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
9469| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
9470| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
9471| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
9472| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
9473| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
9474| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
9475| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
9476| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
9477| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
9478| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
9479| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
9480| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
9481| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
9482| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
9483| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
9484| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
9485| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
9486| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
9487| [95675] Apache Struts Remote Code Execution Vulnerability
9488| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
9489| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
9490| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
9491| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
9492| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
9493| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
9494| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
9495| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
9496| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
9497| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
9498| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
9499| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
9500| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
9501| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
9502| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
9503| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
9504| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
9505| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
9506| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
9507| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
9508| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
9509| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
9510| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
9511| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
9512| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
9513| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
9514| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
9515| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
9516| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
9517| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
9518| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
9519| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
9520| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
9521| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
9522| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
9523| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
9524| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
9525| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
9526| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
9527| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
9528| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
9529| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
9530| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
9531| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
9532| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
9533| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
9534| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
9535| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
9536| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
9537| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
9538| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
9539| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
9540| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
9541| [91736] Apache XML-RPC Multiple Security Vulnerabilities
9542| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
9543| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
9544| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
9545| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
9546| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
9547| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
9548| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
9549| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
9550| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
9551| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
9552| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
9553| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
9554| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
9555| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
9556| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
9557| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
9558| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
9559| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
9560| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
9561| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
9562| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
9563| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
9564| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
9565| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
9566| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
9567| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
9568| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
9569| [90482] Apache CVE-2004-1387 Local Security Vulnerability
9570| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
9571| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
9572| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
9573| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
9574| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
9575| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
9576| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
9577| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
9578| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
9579| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
9580| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
9581| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
9582| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
9583| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
9584| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
9585| [86399] Apache CVE-2007-1743 Local Security Vulnerability
9586| [86397] Apache CVE-2007-1742 Local Security Vulnerability
9587| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
9588| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
9589| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
9590| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
9591| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
9592| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
9593| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
9594| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
9595| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
9596| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
9597| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
9598| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
9599| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
9600| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
9601| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
9602| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
9603| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
9604| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
9605| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
9606| [85203] Apache Solr CVE-2015-8795 Multiple HTML Injection Vulnerabilities
9607| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
9608| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
9609| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
9610| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
9611| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
9612| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
9613| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
9614| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
9615| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
9616| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
9617| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
9618| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
9619| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
9620| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
9621| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
9622| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
9623| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
9624| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
9625| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
9626| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
9627| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
9628| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
9629| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
9630| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
9631| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
9632| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
9633| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
9634| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
9635| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
9636| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
9637| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
9638| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
9639| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
9640| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
9641| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
9642| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
9643| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
9644| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
9645| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
9646| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
9647| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
9648| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
9649| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
9650| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
9651| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
9652| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
9653| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
9654| [76933] Apache James Server Unspecified Command Execution Vulnerability
9655| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
9656| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
9657| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
9658| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
9659| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
9660| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
9661| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
9662| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
9663| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
9664| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
9665| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
10087| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
10088| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10089| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
10090| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
10091| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
10092| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
10093| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
10094| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
10095| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
10096| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
10097| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
10098| [20527] Apache Mod_TCL Remote Format String Vulnerability
10099| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
10100| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
10101| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
10102| [19106] Apache Tomcat Information Disclosure Vulnerability
10103| [18138] Apache James SMTP Denial Of Service Vulnerability
10104| [17342] Apache Struts Multiple Remote Vulnerabilities
10105| [17095] Apache Log4Net Denial Of Service Vulnerability
10106| [16916] Apache mod_python FileSession Code Execution Vulnerability
10107| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
10108| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
10109| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
10110| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
10111| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
10112| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
10113| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
10114| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
10115| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
10116| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
10117| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
10118| [15177] PHP Apache 2 Local Denial of Service Vulnerability
10119| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
10120| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
10121| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
10122| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
10123| [14106] Apache HTTP Request Smuggling Vulnerability
10124| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
10125| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
10126| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
10127| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
10128| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
10129| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
10130| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
10131| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
10132| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
10133| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
10134| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
10135| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
10136| [11471] Apache mod_include Local Buffer Overflow Vulnerability
10137| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
10138| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
10139| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
10140| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
10141| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10142| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
10143| [11094] Apache mod_ssl Denial Of Service Vulnerability
10144| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
10145| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
10146| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
10147| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
10148| [10478] ClueCentral Apache Suexec Patch Security Weakness
10149| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
10150| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
10151| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
10152| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
10153| [9921] Apache Connection Blocking Denial Of Service Vulnerability
10154| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
10155| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
10156| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
10157| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
10158| [9733] Apache Cygwin Directory Traversal Vulnerability
10159| [9599] Apache mod_php Global Variables Information Disclosure Weakness
10160| [9590] Apache-SSL Client Certificate Forging Vulnerability
10161| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
10162| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
10163| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
10164| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
10165| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
10166| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
10167| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
10168| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
10169| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
10553| [51365] Apache Tomcat RequestDispatcher security bypass
10554| [51273] Apache HTTP Server Incomplete Request denial of service
10555| [51195] Apache Tomcat XML information disclosure
10556| [50994] Apache APR-util xml/apr_xml.c denial of service
10557| [50993] Apache APR-util apr_brigade_vprintf denial of service
10558| [50964] Apache APR-util apr_strmatch_precompile() denial of service
10559| [50930] Apache Tomcat j_security_check information disclosure
10560| [50928] Apache Tomcat AJP denial of service
10561| [50884] Apache HTTP Server XML ENTITY denial of service
10562| [50808] Apache HTTP Server AllowOverride privilege escalation
10563| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
10564| [50059] Apache mod_proxy_ajp information disclosure
10565| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
10566| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
10567| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
10568| [49921] Apache ActiveMQ Web interface cross-site scripting
10569| [49898] Apache Geronimo Services/Repository directory traversal
10570| [49725] Apache Tomcat mod_jk module information disclosure
10571| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
10572| [49712] Apache Struts unspecified cross-site scripting
10573| [49213] Apache Tomcat cal2.jsp cross-site scripting
10574| [48934] Apache Tomcat POST doRead method information disclosure
10575| [48211] Apache Tomcat header HTTP request smuggling
10576| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
10577| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
10578| [47709] Apache Roller "
10579| [47104] Novell Netware ApacheAdmin console security bypass
10580| [47086] Apache HTTP Server OS fingerprinting unspecified
10581| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
10582| [45791] Apache Tomcat RemoteFilterValve security bypass
10583| [44435] Oracle WebLogic Apache Connector buffer overflow
10584| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
10585| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
10586| [44156] Apache Tomcat RequestDispatcher directory traversal
10587| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
10588| [43885] Oracle WebLogic Server Apache Connector buffer overflow
10589| [42987] Apache HTTP Server mod_proxy module denial of service
10590| [42915] Apache Tomcat JSP files path disclosure
10591| [42914] Apache Tomcat MS-DOS path disclosure
10592| [42892] Apache Tomcat unspecified unauthorized access
10593| [42816] Apache Tomcat Host Manager cross-site scripting
10594| [42303] Apache 403 error cross-site scripting
10595| [41618] Apache-SSL ExpandCert() authentication bypass
10596| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
10597| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
10598| [40614] Apache mod_jk2 HTTP Host header buffer overflow
10599| [40562] Apache Geronimo init information disclosure
10600| [40478] Novell Web Manager webadmin-apache.conf security bypass
10601| [40411] Apache Tomcat exception handling information disclosure
10602| [40409] Apache Tomcat native (APR based) connector weak security
10603| [40403] Apache Tomcat quotes and %5C cookie information disclosure
10604| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
10605| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
10606| [39867] Apache HTTP Server mod_negotiation cross-site scripting
10607| [39804] Apache Tomcat SingleSignOn information disclosure
10608| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
10609| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
10610| [39608] Apache HTTP Server balancer manager cross-site request forgery
10611| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
10612| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
10613| [39472] Apache HTTP Server mod_status cross-site scripting
10614| [39201] Apache Tomcat JULI logging weak security
10615| [39158] Apache HTTP Server Windows SMB shares information disclosure
10616| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
10617| [38951] Apache::AuthCAS Perl module cookie SQL injection
10618| [38800] Apache HTTP Server 413 error page cross-site scripting
10619| [38211] Apache Geronimo SQLLoginModule authentication bypass
10620| [37243] Apache Tomcat WebDAV directory traversal
10621| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
10622| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
10623| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
10624| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
10625| [36782] Apache Geronimo MEJB unauthorized access
10626| [36586] Apache HTTP Server UTF-7 cross-site scripting
10627| [36468] Apache Geronimo LoginModule security bypass
10628| [36467] Apache Tomcat functions.jsp cross-site scripting
10629| [36402] Apache Tomcat calendar cross-site request forgery
10630| [36354] Apache HTTP Server mod_proxy module denial of service
10631| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
10632| [36336] Apache Derby lock table privilege escalation
10633| [36335] Apache Derby schema privilege escalation
10634| [36006] Apache Tomcat "
10635| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
10636| [35999] Apache Tomcat \"
10637| [35795] Apache Tomcat CookieExample cross-site scripting
10638| [35536] Apache Tomcat SendMailServlet example cross-site scripting
10639| [35384] Apache HTTP Server mod_cache module denial of service
10640| [35097] Apache HTTP Server mod_status module cross-site scripting
10641| [35095] Apache HTTP Server Prefork MPM module denial of service
10642| [34984] Apache HTTP Server recall_headers information disclosure
10643| [34966] Apache HTTP Server MPM content spoofing
10644| [34965] Apache HTTP Server MPM information disclosure
10645| [34963] Apache HTTP Server MPM multiple denial of service
10646| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
10647| [34869] Apache Tomcat JSP example Web application cross-site scripting
10648| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
10649| [34496] Apache Tomcat JK Connector security bypass
10650| [34377] Apache Tomcat hello.jsp cross-site scripting
10651| [34212] Apache Tomcat SSL configuration security bypass
10652| [34210] Apache Tomcat Accept-Language cross-site scripting
10653| [34209] Apache Tomcat calendar application cross-site scripting
10654| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
10655| [34167] Apache Axis WSDL file path disclosure
10656| [34068] Apache Tomcat AJP connector information disclosure
10657| [33584] Apache HTTP Server suEXEC privilege escalation
10658| [32988] Apache Tomcat proxy module directory traversal
10659| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
10660| [32708] Debian Apache tty privilege escalation
10661| [32441] ApacheStats extract() PHP call unspecified
10662| [32128] Apache Tomcat default account
10663| [31680] Apache Tomcat RequestParamExample cross-site scripting
10664| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
10665| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
10666| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
10667| [30456] Apache mod_auth_kerb off-by-one buffer overflow
10668| [29550] Apache mod_tcl set_var() format string
10669| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
10670| [28357] Apache HTTP Server mod_alias script source information disclosure
10671| [28063] Apache mod_rewrite off-by-one buffer overflow
10672| [27902] Apache Tomcat URL information disclosure
10673| [26786] Apache James SMTP server denial of service
10674| [25680] libapache2 /tmp/svn file upload
10675| [25614] Apache Struts lookupMap cross-site scripting
10676| [25613] Apache Struts ActionForm denial of service
10677| [25612] Apache Struts isCancelled() security bypass
10678| [24965] Apache mod_python FileSession command execution
10679| [24716] Apache James spooler memory leak denial of service
10680| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
10681| [24158] Apache Geronimo jsp-examples cross-site scripting
10682| [24030] Apache auth_ldap module multiple format strings
10683| [24008] Apache mod_ssl custom error message denial of service
10684| [24003] Apache mod_auth_pgsql module multiple syslog format strings
10685| [23612] Apache mod_imap referer field cross-site scripting
10686| [23173] Apache Struts error message cross-site scripting
10687| [22942] Apache Tomcat directory listing denial of service
10688| [22858] Apache Multi-Processing Module code allows denial of service
10689| [22602] RHSA-2005:582 updates for Apache httpd not installed
10690| [22520] Apache mod-auth-shadow "
10691| [22466] ApacheTop symlink
10692| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
10693| [22006] Apache HTTP Server byte-range filter denial of service
10694| [21567] Apache mod_ssl off-by-one buffer overflow
10695| [21195] Apache HTTP Server header HTTP request smuggling
10696| [20383] Apache HTTP Server htdigest buffer overflow
10697| [19681] Apache Tomcat AJP12 request denial of service
10698| [18993] Apache HTTP server check_forensic symlink attack
10699| [18790] Apache Tomcat Manager cross-site scripting
10700| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
10701| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
10702| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
10703| [17961] Apache Web server ServerTokens has not been set
10704| [17930] Apache HTTP Server HTTP GET request denial of service
10705| [17785] Apache mod_include module buffer overflow
10706| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
10707| [17473] Apache HTTP Server Satisfy directive allows access to resources
10708| [17413] Apache htpasswd buffer overflow
10709| [17384] Apache HTTP Server environment variable configuration file buffer overflow
10710| [17382] Apache HTTP Server IPv6 apr_util denial of service
10711| [17366] Apache HTTP Server mod_dav module LOCK denial of service
10712| [17273] Apache HTTP Server speculative mode denial of service
10713| [17200] Apache HTTP Server mod_ssl denial of service
10714| [16890] Apache HTTP Server server-info request has been detected
10715| [16889] Apache HTTP Server server-status request has been detected
10716| [16705] Apache mod_ssl format string attack
10717| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
10718| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
10719| [16230] Apache HTTP Server PHP denial of service
10720| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
10721| [15958] Apache HTTP Server authentication modules memory corruption
10722| [15547] Apache HTTP Server mod_disk_cache local information disclosure
10723| [15540] Apache HTTP Server socket starvation denial of service
10724| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
10725| [15422] Apache HTTP Server mod_access information disclosure
10726| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
10727| [15293] Apache for Cygwin "
10728| [15065] Apache-SSL has a default password
10729| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
10730| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
10731| [14751] Apache Mod_python output filter information disclosure
10732| [14125] Apache HTTP Server mod_userdir module information disclosure
10733| [14075] Apache HTTP Server mod_php file descriptor leak
10734| [13703] Apache HTTP Server account
10735| [13689] Apache HTTP Server configuration allows symlinks
10736| [13688] Apache HTTP Server configuration allows SSI
10737| [13687] Apache HTTP Server Server: header value
10738| [13685] Apache HTTP Server ServerTokens value
10739| [13684] Apache HTTP Server ServerSignature value
10740| [13672] Apache HTTP Server config allows directory autoindexing
10741| [13671] Apache HTTP Server default content
10742| [13670] Apache HTTP Server config file directive references outside content root
10743| [13668] Apache HTTP Server httpd not running in chroot environment
10744| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
10745| [13664] Apache HTTP Server config file contains ScriptAlias entry
10746| [13663] Apache HTTP Server CGI support modules loaded
10747| [13661] Apache HTTP Server config file contains AddHandler entry
10748| [13660] Apache HTTP Server 500 error page not CGI script
10749| [13659] Apache HTTP Server 413 error page not CGI script
10750| [13658] Apache HTTP Server 403 error page not CGI script
10751| [13657] Apache HTTP Server 401 error page not CGI script
10752| [13552] Apache HTTP Server mod_cgid module information disclosure
10753| [13550] Apache GET request directory traversal
10754| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
10755| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
10756| [13429] Apache Tomcat non-HTTP request denial of service
10757| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
10758| [13295] Apache weak password encryption
10759| [13254] Apache Tomcat .jsp cross-site scripting
10760| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
10761| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
10762| [12681] Apache HTTP Server mod_proxy could allow mail relaying
10763| [12662] Apache HTTP Server rotatelogs denial of service
10764| [12554] Apache Tomcat stores password in plain text
10765| [12553] Apache HTTP Server redirects and subrequests denial of service
10766| [12552] Apache HTTP Server FTP proxy server denial of service
10767| [12551] Apache HTTP Server prefork MPM denial of service
10768| [12550] Apache HTTP Server weaker than expected encryption
10769| [12549] Apache HTTP Server type-map file denial of service
10770| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
10771| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
10772| [12091] Apache HTTP Server apr_password_validate denial of service
10773| [12090] Apache HTTP Server apr_psprintf code execution
10774| [11804] Apache HTTP Server mod_access_referer denial of service
10775| [11750] Apache HTTP Server could leak sensitive file descriptors
10776| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
10777| [11703] Apache long slash path allows directory listing
10778| [11695] Apache HTTP Server LF (Line Feed) denial of service
10779| [11694] Apache HTTP Server filestat.c denial of service
10780| [11438] Apache HTTP Server MIME message boundaries information disclosure
10781| [11412] Apache HTTP Server error log terminal escape sequence injection
10782| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
10783| [11195] Apache Tomcat web.xml could be used to read files
10784| [11194] Apache Tomcat URL appended with a null character could list directories
10785| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
10786| [11126] Apache HTTP Server illegal character file disclosure
10787| [11125] Apache HTTP Server DOS device name HTTP POST code execution
10788| [11124] Apache HTTP Server DOS device name denial of service
10789| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
10790| [10938] Apache HTTP Server printenv test CGI cross-site scripting
10791| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
10792| [10575] Apache mod_php module could allow an attacker to take over the httpd process
10793| [10499] Apache HTTP Server WebDAV HTTP POST view source
10794| [10457] Apache HTTP Server mod_ssl "
10795| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
10796| [10414] Apache HTTP Server htdigest multiple buffer overflows
10797| [10413] Apache HTTP Server htdigest temporary file race condition
10798| [10412] Apache HTTP Server htpasswd temporary file race condition
10799| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
10800| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
10801| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
10802| [10280] Apache HTTP Server shared memory scorecard overwrite
10803| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
10804| [10241] Apache HTTP Server Host: header cross-site scripting
10805| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
10806| [10208] Apache HTTP Server mod_dav denial of service
10807| [10206] HP VVOS Apache mod_ssl denial of service
10808| [10200] Apache HTTP Server stderr denial of service
10809| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
10810| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
10811| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
10812| [10098] Slapper worm targets OpenSSL/Apache systems
10813| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
10814| [9875] Apache HTTP Server .var file request could disclose installation path
10815| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
10816| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
10817| [9623] Apache HTTP Server ap_log_rerror() path disclosure
10818| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
10819| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
10820| [9396] Apache Tomcat null character to threads denial of service
10821| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
10822| [9249] Apache HTTP Server chunked encoding heap buffer overflow
10823| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
10824| [8932] Apache Tomcat example class information disclosure
10825| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
10826| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
10827| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
10828| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
10829| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
10830| [8400] Apache HTTP Server mod_frontpage buffer overflows
10831| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
10832| [8308] Apache "
10833| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
10834| [8119] Apache and PHP OPTIONS request reveals "
10835| [8054] Apache is running on the system
10836| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
10837| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
10838| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
10839| [7836] Apache HTTP Server log directory denial of service
10840| [7815] Apache for Windows "
10841| [7810] Apache HTTP request could result in unexpected behavior
10842| [7599] Apache Tomcat reveals installation path
10843| [7494] Apache "
10844| [7419] Apache Web Server could allow remote attackers to overwrite .log files
10845| [7363] Apache Web Server hidden HTTP requests
10846| [7249] Apache mod_proxy denial of service
10847| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
10848| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
10849| [7059] Apache "
10850| [7057] Apache "
10851| [7056] Apache "
10852| [7055] Apache "
10853| [7054] Apache "
10854| [6997] Apache Jakarta Tomcat error message may reveal information
10855| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
10856| [6970] Apache crafted HTTP request could reveal the internal IP address
10857| [6921] Apache long slash path allows directory listing
10858| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
10859| [6527] Apache Web Server for Windows and OS2 denial of service
10860| [6316] Apache Jakarta Tomcat may reveal JSP source code
10861| [6305] Apache Jakarta Tomcat directory traversal
10862| [5926] Linux Apache symbolic link
10863| [5659] Apache Web server discloses files when used with php script
10864| [5310] Apache mod_rewrite allows attacker to view arbitrary files
10865| [5204] Apache WebDAV directory listings
10866| [5197] Apache Web server reveals CGI script source code
10867| [5160] Apache Jakarta Tomcat default installation
10868| [5099] Trustix Secure Linux installs Apache with world writable access
10869| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
10870| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
10871| [4931] Apache source.asp example file allows users to write to files
10872| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
10873| [4205] Apache Jakarta Tomcat delivers file contents
10874| [2084] Apache on Debian by default serves the /usr/doc directory
10875| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
10876| [697] Apache HTTP server beck exploit
10877| [331] Apache cookies buffer overflow
10878|
10879| Exploit-DB - https://www.exploit-db.com:
10880| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
10881| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
10882| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
10883| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
10884| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
10885| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
10886| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
10887| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
10888| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
10889| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10890| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
10891| [29859] Apache Roller OGNL Injection
10892| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
10893| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
10894| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
10895| [29290] Apache / PHP 5.x Remote Code Execution Exploit
10896| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
10897| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
10898| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
10899| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
10900| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
10901| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
10902| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
10903| [27096] Apache Geronimo 1.0 Error Page XSS
10904| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
10905| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
10906| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
10907| [25986] Plesk Apache Zeroday Remote Exploit
10908| [25980] Apache Struts includeParams Remote Code Execution
10909| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
10910| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
10911| [24874] Apache Struts ParametersInterceptor Remote Code Execution
10912| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
10913| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
10914| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
10915| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
10916| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
10917| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
10918| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
10919| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
10920| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
10921| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
10922| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
10923| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
10924| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
10925| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
10926| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
10927| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
10928| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
10929| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
10930| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
10931| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
10932| [21719] Apache 2.0 Path Disclosure Vulnerability
10933| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
10934| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
10935| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
10936| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
10937| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
10938| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
10939| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
10940| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
10941| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
10942| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
10943| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
10944| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
10945| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
10946| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
10947| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
10948| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
10949| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
10950| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
10951| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
10952| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
10953| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
10954| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
10955| [20558] Apache 1.2 Web Server DoS Vulnerability
10956| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
10957| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
10958| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
10959| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
10960| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
10961| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
10962| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
10963| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
10964| [19231] PHP apache_request_headers Function Buffer Overflow
10965| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
10966| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
10967| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
10968| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
10969| [18442] Apache httpOnly Cookie Disclosure
10970| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
10971| [18221] Apache HTTP Server Denial of Service
10972| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
10973| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
10974| [17691] Apache Struts < 2.2.0 - Remote Command Execution
10975| [16798] Apache mod_jk 1.2.20 Buffer Overflow
10976| [16782] Apache Win32 Chunked Encoding
10977| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
10978| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
10979| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
10980| [15319] Apache 2.2 (Windows) Local Denial of Service
10981| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
10982| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
10983| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
10984| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
10985| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
10986| [12330] Apache OFBiz - Multiple XSS
10987| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
10988| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
10989| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
10990| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
10991| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
10992| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
10993| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
10994| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
10995| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10996| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
10997| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
10998| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
10999| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11000| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
11001| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
11002| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
11003| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
11004| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
11005| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
11006| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
11007| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
11008| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
11009| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
11010| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
11011| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
11012| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
11013| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
11014| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
11015| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
11016| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
11017| [466] htpasswd Apache 1.3.31 - Local Exploit
11018| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
11019| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
11020| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
11021| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
11022| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
11023| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
11024| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
11025| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
11026| [9] Apache HTTP Server 2.x Memory Leak Exploit
11027|
11028| OpenVAS (Nessus) - http://www.openvas.org:
11029| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
11030| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
11031| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11032| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
11033| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
11034| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11035| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11036| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
11037| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
11038| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
11039| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
11040| [900571] Apache APR-Utils Version Detection
11041| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
11042| [900496] Apache Tiles Multiple XSS Vulnerability
11043| [900493] Apache Tiles Version Detection
11044| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
11045| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
11046| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
11047| [870175] RedHat Update for apache RHSA-2008:0004-01
11048| [864591] Fedora Update for apache-poi FEDORA-2012-10835
11049| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
11050| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
11051| [864250] Fedora Update for apache-poi FEDORA-2012-7683
11052| [864249] Fedora Update for apache-poi FEDORA-2012-7686
11053| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
11054| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
11055| [855821] Solaris Update for Apache 1.3 122912-19
11056| [855812] Solaris Update for Apache 1.3 122911-19
11057| [855737] Solaris Update for Apache 1.3 122911-17
11058| [855731] Solaris Update for Apache 1.3 122912-17
11059| [855695] Solaris Update for Apache 1.3 122911-16
11060| [855645] Solaris Update for Apache 1.3 122912-16
11061| [855587] Solaris Update for kernel update and Apache 108529-29
11062| [855566] Solaris Update for Apache 116973-07
11063| [855531] Solaris Update for Apache 116974-07
11064| [855524] Solaris Update for Apache 2 120544-14
11065| [855494] Solaris Update for Apache 1.3 122911-15
11066| [855478] Solaris Update for Apache Security 114145-11
11067| [855472] Solaris Update for Apache Security 113146-12
11068| [855179] Solaris Update for Apache 1.3 122912-15
11069| [855147] Solaris Update for kernel update and Apache 108528-29
11070| [855077] Solaris Update for Apache 2 120543-14
11071| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
11072| [850088] SuSE Update for apache2 SUSE-SA:2007:061
11073| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
11074| [841209] Ubuntu Update for apache2 USN-1627-1
11075| [840900] Ubuntu Update for apache2 USN-1368-1
11076| [840798] Ubuntu Update for apache2 USN-1259-1
11077| [840734] Ubuntu Update for apache2 USN-1199-1
11078| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
11079| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
11080| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
11081| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
11082| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
11083| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
11084| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
11085| [835253] HP-UX Update for Apache Web Server HPSBUX02645
11086| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
11087| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
11088| [835236] HP-UX Update for Apache with PHP HPSBUX02543
11089| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
11090| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
11091| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
11092| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
11093| [835188] HP-UX Update for Apache HPSBUX02308
11094| [835181] HP-UX Update for Apache With PHP HPSBUX02332
11095| [835180] HP-UX Update for Apache with PHP HPSBUX02342
11096| [835172] HP-UX Update for Apache HPSBUX02365
11097| [835168] HP-UX Update for Apache HPSBUX02313
11098| [835148] HP-UX Update for Apache HPSBUX01064
11099| [835139] HP-UX Update for Apache with PHP HPSBUX01090
11100| [835131] HP-UX Update for Apache HPSBUX00256
11101| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
11102| [835104] HP-UX Update for Apache HPSBUX00224
11103| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
11104| [835101] HP-UX Update for Apache HPSBUX01232
11105| [835080] HP-UX Update for Apache HPSBUX02273
11106| [835078] HP-UX Update for ApacheStrong HPSBUX00255
11107| [835044] HP-UX Update for Apache HPSBUX01019
11108| [835040] HP-UX Update for Apache PHP HPSBUX00207
11109| [835025] HP-UX Update for Apache HPSBUX00197
11110| [835023] HP-UX Update for Apache HPSBUX01022
11111| [835022] HP-UX Update for Apache HPSBUX02292
11112| [835005] HP-UX Update for Apache HPSBUX02262
11113| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
11114| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
11115| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
11116| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
11117| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
11118| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
11119| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
11120| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
11121| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
11122| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
11123| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
11124| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
11125| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
11126| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
11127| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
11128| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
11129| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
11130| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
11131| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
11132| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
11133| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
11134| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
11135| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
11136| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
11137| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
11138| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
11139| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
11140| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
11141| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
11142| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
11143| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11144| [801942] Apache Archiva Multiple Vulnerabilities
11145| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
11146| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
11147| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
11148| [801284] Apache Derby Information Disclosure Vulnerability
11149| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
11150| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
11151| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
11152| [800680] Apache APR Version Detection
11153| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11154| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11155| [800677] Apache Roller Version Detection
11156| [800279] Apache mod_jk Module Version Detection
11157| [800278] Apache Struts Cross Site Scripting Vulnerability
11158| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
11159| [800276] Apache Struts Version Detection
11160| [800271] Apache Struts Directory Traversal Vulnerability
11161| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
11162| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11163| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11164| [103122] Apache Web Server ETag Header Information Disclosure Weakness
11165| [103074] Apache Continuum Cross Site Scripting Vulnerability
11166| [103073] Apache Continuum Detection
11167| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11168| [101023] Apache Open For Business Weak Password security check
11169| [101020] Apache Open For Business HTML injection vulnerability
11170| [101019] Apache Open For Business service detection
11171| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
11172| [100923] Apache Archiva Detection
11173| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11174| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11175| [100813] Apache Axis2 Detection
11176| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11177| [100795] Apache Derby Detection
11178| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
11179| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11180| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11181| [100514] Apache Multiple Security Vulnerabilities
11182| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11183| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11184| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11185| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11186| [72626] Debian Security Advisory DSA 2579-1 (apache2)
11187| [72612] FreeBSD Ports: apache22
11188| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
11189| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
11190| [71512] FreeBSD Ports: apache
11191| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
11192| [71256] Debian Security Advisory DSA 2452-1 (apache2)
11193| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
11194| [70737] FreeBSD Ports: apache
11195| [70724] Debian Security Advisory DSA 2405-1 (apache2)
11196| [70600] FreeBSD Ports: apache
11197| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
11198| [70235] Debian Security Advisory DSA 2298-2 (apache2)
11199| [70233] Debian Security Advisory DSA 2298-1 (apache2)
11200| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
11201| [69338] Debian Security Advisory DSA 2202-1 (apache2)
11202| [67868] FreeBSD Ports: apache
11203| [66816] FreeBSD Ports: apache
11204| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
11205| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
11206| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
11207| [66081] SLES11: Security update for Apache 2
11208| [66074] SLES10: Security update for Apache 2
11209| [66070] SLES9: Security update for Apache 2
11210| [65998] SLES10: Security update for apache2-mod_python
11211| [65893] SLES10: Security update for Apache 2
11212| [65888] SLES10: Security update for Apache 2
11213| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
11214| [65510] SLES9: Security update for Apache 2
11215| [65472] SLES9: Security update for Apache
11216| [65467] SLES9: Security update for Apache
11217| [65450] SLES9: Security update for apache2
11218| [65390] SLES9: Security update for Apache2
11219| [65363] SLES9: Security update for Apache2
11220| [65309] SLES9: Security update for Apache and mod_ssl
11221| [65296] SLES9: Security update for webdav apache module
11222| [65283] SLES9: Security update for Apache2
11223| [65249] SLES9: Security update for Apache 2
11224| [65230] SLES9: Security update for Apache 2
11225| [65228] SLES9: Security update for Apache 2
11226| [65212] SLES9: Security update for apache2-mod_python
11227| [65209] SLES9: Security update for apache2-worker
11228| [65207] SLES9: Security update for Apache 2
11229| [65168] SLES9: Security update for apache2-mod_python
11230| [65142] SLES9: Security update for Apache2
11231| [65136] SLES9: Security update for Apache 2
11232| [65132] SLES9: Security update for apache
11233| [65131] SLES9: Security update for Apache 2 oes/CORE
11234| [65113] SLES9: Security update for apache2
11235| [65072] SLES9: Security update for apache and mod_ssl
11236| [65017] SLES9: Security update for Apache 2
11237| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
11238| [64783] FreeBSD Ports: apache
11239| [64774] Ubuntu USN-802-2 (apache2)
11240| [64653] Ubuntu USN-813-2 (apache2)
11241| [64559] Debian Security Advisory DSA 1834-2 (apache2)
11242| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
11243| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
11244| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
11245| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
11246| [64443] Ubuntu USN-802-1 (apache2)
11247| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
11248| [64423] Debian Security Advisory DSA 1834-1 (apache2)
11249| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
11250| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
11251| [64251] Debian Security Advisory DSA 1816-1 (apache2)
11252| [64201] Ubuntu USN-787-1 (apache2)
11253| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
11254| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
11255| [63565] FreeBSD Ports: apache
11256| [63562] Ubuntu USN-731-1 (apache2)
11257| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
11258| [61185] FreeBSD Ports: apache
11259| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
11260| [60387] Slackware Advisory SSA:2008-045-02 apache
11261| [58826] FreeBSD Ports: apache-tomcat
11262| [58825] FreeBSD Ports: apache-tomcat
11263| [58804] FreeBSD Ports: apache
11264| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
11265| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
11266| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
11267| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
11268| [57335] Debian Security Advisory DSA 1167-1 (apache)
11269| [57201] Debian Security Advisory DSA 1131-1 (apache)
11270| [57200] Debian Security Advisory DSA 1132-1 (apache2)
11271| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
11272| [57145] FreeBSD Ports: apache
11273| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
11274| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
11275| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
11276| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
11277| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
11278| [56067] FreeBSD Ports: apache
11279| [55803] Slackware Advisory SSA:2005-310-04 apache
11280| [55519] Debian Security Advisory DSA 839-1 (apachetop)
11281| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
11282| [55355] FreeBSD Ports: apache
11283| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
11284| [55261] Debian Security Advisory DSA 805-1 (apache2)
11285| [55259] Debian Security Advisory DSA 803-1 (apache)
11286| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
11287| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
11288| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
11289| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
11290| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
11291| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
11292| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
11293| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
11294| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
11295| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
11296| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
11297| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
11298| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
11299| [54439] FreeBSD Ports: apache
11300| [53931] Slackware Advisory SSA:2004-133-01 apache
11301| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
11302| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
11303| [53878] Slackware Advisory SSA:2003-308-01 apache security update
11304| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
11305| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
11306| [53848] Debian Security Advisory DSA 131-1 (apache)
11307| [53784] Debian Security Advisory DSA 021-1 (apache)
11308| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
11309| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
11310| [53735] Debian Security Advisory DSA 187-1 (apache)
11311| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
11312| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
11313| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
11314| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
11315| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
11316| [53282] Debian Security Advisory DSA 594-1 (apache)
11317| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
11318| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
11319| [53215] Debian Security Advisory DSA 525-1 (apache)
11320| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
11321| [52529] FreeBSD Ports: apache+ssl
11322| [52501] FreeBSD Ports: apache
11323| [52461] FreeBSD Ports: apache
11324| [52390] FreeBSD Ports: apache
11325| [52389] FreeBSD Ports: apache
11326| [52388] FreeBSD Ports: apache
11327| [52383] FreeBSD Ports: apache
11328| [52339] FreeBSD Ports: apache+mod_ssl
11329| [52331] FreeBSD Ports: apache
11330| [52329] FreeBSD Ports: ru-apache+mod_ssl
11331| [52314] FreeBSD Ports: apache
11332| [52310] FreeBSD Ports: apache
11333| [15588] Detect Apache HTTPS
11334| [15555] Apache mod_proxy content-length buffer overflow
11335| [15554] Apache mod_include priviledge escalation
11336| [14771] Apache <= 1.3.33 htpasswd local overflow
11337| [14177] Apache mod_access rule bypass
11338| [13644] Apache mod_rootme Backdoor
11339| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
11340| [12280] Apache Connection Blocking Denial of Service
11341| [12239] Apache Error Log Escape Sequence Injection
11342| [12123] Apache Tomcat source.jsp malformed request information disclosure
11343| [12085] Apache Tomcat servlet/JSP container default files
11344| [11438] Apache Tomcat Directory Listing and File disclosure
11345| [11204] Apache Tomcat Default Accounts
11346| [11092] Apache 2.0.39 Win32 directory traversal
11347| [11046] Apache Tomcat TroubleShooter Servlet Installed
11348| [11042] Apache Tomcat DOS Device Name XSS
11349| [11041] Apache Tomcat /servlet Cross Site Scripting
11350| [10938] Apache Remote Command Execution via .bat files
11351| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
11352| [10773] MacOS X Finder reveals contents of Apache Web files
11353| [10766] Apache UserDir Sensitive Information Disclosure
11354| [10756] MacOS X Finder reveals contents of Apache Web directories
11355| [10752] Apache Auth Module SQL Insertion Attack
11356| [10704] Apache Directory Listing
11357| [10678] Apache /server-info accessible
11358| [10677] Apache /server-status accessible
11359| [10440] Check for Apache Multiple / vulnerability
11360|
11361| SecurityTracker - https://www.securitytracker.com:
11362| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
11363| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
11364| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
11365| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
11366| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11367| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11368| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11369| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
11370| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
11371| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
11372| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11373| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
11374| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
11375| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11376| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
11377| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
11378| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
11379| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
11380| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
11381| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
11382| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
11383| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
11384| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
11385| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11386| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
11387| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11388| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11389| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
11390| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
11391| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11392| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
11393| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
11394| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
11395| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
11396| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
11397| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
11398| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
11399| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
11400| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
11401| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
11402| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
11403| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
11404| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
11405| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
11406| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
11407| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
11408| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11409| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
11410| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
11411| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
11412| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
11413| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
11414| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
11415| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
11416| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
11417| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
11418| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
11419| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
11420| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
11421| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
11422| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
11423| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
11424| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
11425| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
11426| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
11427| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
11428| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
11429| [1024096] Apache mod_proxy_http May Return Results for a Different Request
11430| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
11431| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
11432| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
11433| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
11434| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
11435| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
11436| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
11437| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
11438| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
11439| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
11440| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
11441| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
11442| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
11443| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11444| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
11445| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
11446| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
11447| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
11448| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
11449| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11450| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
11451| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
11452| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
11453| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
11454| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
11455| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
11456| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
11457| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
11458| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
11459| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
11460| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
11461| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
11462| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
11463| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
11464| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
11465| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
11466| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
11467| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
11468| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
11469| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
11470| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
11471| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
11472| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
11473| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
11474| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
11475| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
11476| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
11477| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
11478| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
11479| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
11480| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
11481| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
11482| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
11483| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
11484| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
11485| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
11486| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
11487| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
11488| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
11489| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
11490| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
11491| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
11492| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
11493| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
11494| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
11495| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
11496| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
11497| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
11498| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
11499| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
11500| [1008920] Apache mod_digest May Validate Replayed Client Responses
11501| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
11502| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
11503| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
11504| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
11505| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
11506| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
11507| [1008030] Apache mod_rewrite Contains a Buffer Overflow
11508| [1008029] Apache mod_alias Contains a Buffer Overflow
11509| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
11510| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
11511| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
11512| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
11513| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
11514| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
11515| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
11516| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
11517| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
11518| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
11519| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
11520| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
11521| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
11522| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
11523| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
11524| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
11525| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
11526| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
11527| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
11528| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
11529| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
11530| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
11531| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
11532| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
11533| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
11534| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
11535| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
11536| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
11537| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
11538| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
11539| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
11540| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
11541| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
11542| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
11543| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
11544| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
11545| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
11546| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
11547| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11548| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11549| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
11550| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
11551| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
11552| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
11553| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
11554| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
11555| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
11556| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
11557| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
11558| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
11559| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
11560| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
11561| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
11562| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
11563| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
11564| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
11565|
11566| OSVDB - http://www.osvdb.org:
11567| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
11568| [96077] Apache CloudStack Global Settings Multiple Field XSS
11569| [96076] Apache CloudStack Instances Menu Display Name Field XSS
11570| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
11571| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
11572| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
11573| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
11574| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
11575| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
11576| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
11577| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
11578| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
11579| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11580| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
11581| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
11582| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
11583| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
11584| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11585| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
11586| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
11587| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
11588| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
11589| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
11590| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
11591| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
11592| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
11593| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
11594| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
11595| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
11596| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
11597| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
11598| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
11599| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
11600| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
11601| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
11602| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
11603| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
11604| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
11605| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
11606| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
11607| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
11608| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
11609| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
11610| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
11611| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
11612| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
11613| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
11614| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
11615| [94279] Apache Qpid CA Certificate Validation Bypass
11616| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
11617| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
11618| [94042] Apache Axis JAX-WS Java Unspecified Exposure
11619| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
11620| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
11621| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
11622| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
11623| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
11624| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
11625| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
11626| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
11627| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
11628| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
11629| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
11630| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
11631| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
11632| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
11633| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
11634| [93541] Apache Solr json.wrf Callback XSS
11635| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
11636| [93521] Apache jUDDI Security API Token Session Persistence Weakness
11637| [93520] Apache CloudStack Default SSL Key Weakness
11638| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
11639| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
11640| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
11641| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
11642| [93515] Apache HBase table.jsp name Parameter XSS
11643| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
11644| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
11645| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
11646| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
11647| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
11648| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
11649| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
11650| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
11651| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
11652| [93252] Apache Tomcat FORM Authenticator Session Fixation
11653| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11654| [93171] Apache Sling HtmlResponse Error Message XSS
11655| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11656| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
11657| [93168] Apache Click ErrorReport.java id Parameter XSS
11658| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
11659| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
11660| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
11661| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
11662| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
11663| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
11664| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
11665| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
11666| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
11667| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
11668| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
11669| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
11670| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
11671| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
11672| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
11673| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
11674| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
11675| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
11676| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
11677| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
11678| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
11679| [93144] Apache Solr Admin Command Execution CSRF
11680| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
11681| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
11682| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
11683| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
11684| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
11685| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
11686| [92748] Apache CloudStack VM Console Access Restriction Bypass
11687| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
11688| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
11689| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
11690| [92706] Apache ActiveMQ Debug Log Rendering XSS
11691| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
11692| [92270] Apache Tomcat Unspecified CSRF
11693| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
11694| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
11695| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
11696| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
11697| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
11698| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
11699| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
11700| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
11701| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
11702| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
11703| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
11704| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
11705| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
11706| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
11707| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
11708| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
11709| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
11710| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
11711| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
11712| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
11713| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
11714| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
11715| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
11716| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
11717| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
11718| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
11719| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
11720| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
11721| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
11722| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
11723| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
11724| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
11725| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
11726| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
11727| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
11728| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
11729| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
11730| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
12140| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
12141| [55056] Apache Tomcat Cross-application TLD File Manipulation
12142| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
12143| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
12144| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
12145| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
12146| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
12147| [54589] Apache Jserv Nonexistent JSP Request XSS
12148| [54122] Apache Struts s:a / s:url Tag href Element XSS
12149| [54093] Apache ActiveMQ Web Console JMS Message XSS
12150| [53932] Apache Geronimo Multiple Admin Function CSRF
12151| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
12152| [53930] Apache Geronimo /console/portal/ URI XSS
12153| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
12154| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
12155| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
12156| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
12157| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
12158| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
12159| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
12160| [53380] Apache Struts Unspecified XSS
12161| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
12162| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
12163| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
12164| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
12165| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
12166| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
12167| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
12168| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
12169| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
12170| [51151] Apache Roller Search Function q Parameter XSS
12171| [50482] PHP with Apache php_value Order Unspecified Issue
12172| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
12173| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
12174| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
12175| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
12176| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
12177| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
12178| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
12179| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
12180| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
12181| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
12182| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
12183| [47096] Oracle Weblogic Apache Connector POST Request Overflow
12184| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
12185| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
12186| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
12187| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
12188| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
12189| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
12190| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
12191| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
12192| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
12193| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
12194| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
12195| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
12196| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
12197| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
12198| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
12199| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
12200| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
12201| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
12202| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
12203| [43452] Apache Tomcat HTTP Request Smuggling
12204| [43309] Apache Geronimo LoginModule Login Method Bypass
12205| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
12206| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
12207| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
12208| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
12209| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
12210| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
12211| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
12212| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
12213| [42091] Apache Maven Site Plugin Installation Permission Weakness
12214| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
12215| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
12216| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
12217| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
12218| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
12219| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
12220| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
12221| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
12222| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
12223| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
12224| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
12225| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
12226| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
12227| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
12228| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
12229| [40262] Apache HTTP Server mod_status refresh XSS
12230| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
12231| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
12232| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
12233| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
12234| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
12235| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
12236| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
12237| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
12238| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
12239| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
12240| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
12241| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
12242| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
12243| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
12244| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
12245| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
12246| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
12247| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
12248| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
12249| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
12250| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
12251| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
12252| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
12253| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
12254| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
12255| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
12256| [36080] Apache Tomcat JSP Examples Crafted URI XSS
12257| [36079] Apache Tomcat Manager Uploaded Filename XSS
12258| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
12259| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
12260| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
12261| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
12262| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
12263| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
12264| [34881] Apache Tomcat Malformed Accept-Language Header XSS
12265| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
12266| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
12267| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
12268| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
12269| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
12270| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
12271| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
12272| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
12273| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
12274| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
12275| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
12276| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
12277| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
12278| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
12279| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
12280| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
12281| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
12282| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
12283| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
12284| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
12285| [32724] Apache mod_python _filter_read Freed Memory Disclosure
12286| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
12287| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
12288| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
12289| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
12290| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
12291| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
12292| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
12293| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
12294| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
12295| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
12296| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
12297| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
12298| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
12299| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
12300| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
12301| [24365] Apache Struts Multiple Function Error Message XSS
12302| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
12303| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
12304| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
12305| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
12306| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
12307| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
12308| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
12309| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
12310| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
12311| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
12312| [22459] Apache Geronimo Error Page XSS
12313| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
12314| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
12315| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
12316| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
12317| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
12318| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
12319| [21021] Apache Struts Error Message XSS
12320| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
12321| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
12322| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
12323| [20439] Apache Tomcat Directory Listing Saturation DoS
12324| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
12325| [20285] Apache HTTP Server Log File Control Character Injection
12326| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
12327| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
12328| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
12329| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
12330| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
12331| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
12332| [19821] Apache Tomcat Malformed Post Request Information Disclosure
12333| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
12334| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
12335| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
12336| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
12337| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
12338| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
12339| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
12340| [18233] Apache HTTP Server htdigest user Variable Overfow
12341| [17738] Apache HTTP Server HTTP Request Smuggling
12342| [16586] Apache HTTP Server Win32 GET Overflow DoS
12343| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
12344| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
12345| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
12346| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
12347| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
12348| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
12349| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
12350| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
12351| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
12352| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
12353| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
12354| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
12355| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
12356| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
12357| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
12358| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
12359| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
12360| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
12361| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
12362| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
12363| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
12364| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
12365| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
12366| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
12367| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
12368| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
12369| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
12370| [13304] Apache Tomcat realPath.jsp Path Disclosure
12371| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
12372| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
12373| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
12374| [12848] Apache HTTP Server htdigest realm Variable Overflow
12375| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
12376| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
12377| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
12378| [12557] Apache HTTP Server prefork MPM accept Error DoS
12379| [12233] Apache Tomcat MS-DOS Device Name Request DoS
12380| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
12381| [12231] Apache Tomcat web.xml Arbitrary File Access
12382| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
12383| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
12384| [12178] Apache Jakarta Lucene results.jsp XSS
12385| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
12386| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
12387| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
12388| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
12389| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
12390| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
12391| [10471] Apache Xerces-C++ XML Parser DoS
12392| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
12393| [10068] Apache HTTP Server htpasswd Local Overflow
12394| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
12395| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
12396| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
12397| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
12398| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
12399| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
12400| [9717] Apache HTTP Server mod_cookies Cookie Overflow
12401| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
12402| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
12403| [9714] Apache Authentication Module Threaded MPM DoS
12404| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
12405| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
12406| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
12407| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
12408| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
12409| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
12410| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
12411| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
12412| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
12413| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
12414| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
12415| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
12416| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
12417| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
12418| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
12419| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
12420| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
12421| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
12422| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
12423| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
12424| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
12425| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
12426| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
12427| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
12428| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
12429| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
12430| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
12431| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12432| [9208] Apache Tomcat .jsp Encoded Newline XSS
12433| [9204] Apache Tomcat ROOT Application XSS
12434| [9203] Apache Tomcat examples Application XSS
12435| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12436| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12437| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12438| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12439| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12440| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12441| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12442| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12443| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12444| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12445| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12446| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12447| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12448| [7611] Apache HTTP Server mod_alias Local Overflow
12449| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12450| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12451| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12452| [6882] Apache mod_python Malformed Query String Variant DoS
12453| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12454| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12455| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12456| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12457| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12458| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12459| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12460| [5278] Apache Tomcat web.xml Restriction Bypass
12461| [5051] Apache Tomcat Null Character DoS
12462| [4973] Apache Tomcat servlet Mapping XSS
12463| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12464| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12465| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12466| [4568] mod_survey For Apache ENV Tags SQL Injection
12467| [4553] Apache HTTP Server ApacheBench Overflow DoS
12468| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12469| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12470| [4383] Apache HTTP Server Socket Race Condition DoS
12471| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12472| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12473| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12474| [4231] Apache Cocoon Error Page Server Path Disclosure
12475| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12476| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12477| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12478| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12479| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12480| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12481| [3322] mod_php for Apache HTTP Server Process Hijack
12482| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12483| [2885] Apache mod_python Malformed Query String DoS
12484| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
12485| [2733] Apache HTTP Server mod_rewrite Local Overflow
12486| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
12487| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
12488| [2149] Apache::Gallery Privilege Escalation
12489| [2107] Apache HTTP Server mod_ssl Host: Header XSS
12490| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X (89%)
OS CPE: cpe:/o:linux:linux_kernel:4.2
Aggressive OS guesses: Linux 4.2 (89%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 24.965 days (since Mon Dec 23 16:08:55 2019)
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 60.61 ms 10.243.204.1
2 90.93 ms 104.245.145.177
3 91.00 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 91.01 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 91.00 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 90.99 ms ix-ae-16-0.tcore1.tnk-toronto.as6453.net (64.86.33.98)
7 232.42 ms if-ae-2-2.tcore2.tnk-toronto.as6453.net (64.86.33.90)
8 232.39 ms if-ae-8-2.tcore1.ct8-chicago.as6453.net (66.110.48.2)
9 232.45 ms if-ae-29-2.tcore2.sqn-san-jose.as6453.net (64.86.21.104)
10 195.54 ms if-ae-1-2.tcore1.sqn-san-jose.as6453.net (63.243.205.1)
11 201.76 ms if-ae-38-2.tcore2.sv1-santa-clara.as6453.net (63.243.205.75)
12 202.26 ms if-et-5-2.hcore1.kv8-chiba.as6453.net (209.58.86.143)
13 270.16 ms if-ae-21-2.tcore1.tv2-tokyo.as6453.net (120.29.217.66)
14 299.15 ms 180.87.180.62
15 ... 16
17 217.79 ms 54.239.52.97
18 217.27 ms 52.95.30.18
19 ... 21
22 274.91 ms 52.95.31.41
23 243.50 ms 52.95.31.219
24 253.06 ms 52.95.31.190
25 263.11 ms 52.95.31.124
26 272.86 ms 52.95.30.220
27 ... 30

NSE: Script Post-scanning.
Initiating NSE at 15:18
Completed NSE at 15:18, 0.00s elapsed
Initiating NSE at 15:18
Completed NSE at 15:18, 0.00s elapsed
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 52.198.68.5

Testing SSL server 52.198.68.5 on port 443 using SNI name 52.198.68.5

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits RC4-SHA
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits RC4-SHA
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits CAMELLIA128-SHA
Accepted TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.0 112 bits DES-CBC3-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: www.vantec-gl.com
Altnames: DNS:www.vantec-gl.com, DNS:vantec-gl.com
Issuer: GlobalSign RSA OV SSL CA 2018

Not valid before: Nov 6 07:06:11 2019 GMT
Not valid after: Dec 18 23:59:59 2020 GMT
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 15:23 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 15:23
Completed NSE at 15:23, 0.00s elapsed
Initiating NSE at 15:23
Completed NSE at 15:23, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 15:23
Completed Parallel DNS resolution of 1 host. at 15:23, 0.02s elapsed
Initiating SYN Stealth Scan at 15:23
Scanning ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5) [65535 ports]
Discovered open port 80/tcp on 52.198.68.5
Discovered open port 443/tcp on 52.198.68.5
SYN Stealth Scan Timing: About 12.59% done; ETC: 15:27 (0:03:35 remaining)
SYN Stealth Scan Timing: About 39.19% done; ETC: 15:25 (0:01:35 remaining)
SYN Stealth Scan Timing: About 72.13% done; ETC: 15:25 (0:00:35 remaining)
Completed SYN Stealth Scan at 15:24, 113.13s elapsed (65535 total ports)
Initiating Service scan at 15:24
Scanning 2 services on ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Completed Service scan at 15:25, 13.52s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Retrying OS detection (try #2) against ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Initiating Traceroute at 15:25
Completed Traceroute at 15:25, 0.11s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 15:25
Completed Parallel DNS resolution of 2 hosts. at 15:25, 0.00s elapsed
NSE: Script scanning 52.198.68.5.
Initiating NSE at 15:25
Completed NSE at 15:25, 6.69s elapsed
Initiating NSE at 15:25
Completed NSE at 15:25, 2.10s elapsed
Nmap scan report for ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Host is up (0.091s latency).
Not shown: 65530 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
12968| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
12969| [120168] Apache CXF weak authentication
12970| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
12971| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
12972| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
12973| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
12974| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
12975| [119306] Apache MXNet Network Interface privilege escalation
12976| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
12977| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
12978| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
12979| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
12980| [118143] Apache NiFi activemq-client Library Deserialization denial of service
12981| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
12982| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
12983| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
12984| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
12985| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
12986| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
12987| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
12988| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
12989| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
12990| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
12991| [117115] Apache Tika up to 1.17 tika-server command injection
12992| [116929] Apache Fineract getReportType Parameter privilege escalation
12993| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
12994| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
12995| [116926] Apache Fineract REST Parameter privilege escalation
12996| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
12997| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
12998| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
12999| [115883] Apache Hive up to 2.3.2 privilege escalation
13000| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
13001| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
13002| [115518] Apache Ignite 2.3 Deserialization privilege escalation
13003| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
13004| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
13005| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
13006| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
13007| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
13008| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
13009| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
13010| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
13011| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
13012| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
13013| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
13014| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
13015| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
13016| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
13017| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
13018| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
13019| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
13020| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
13021| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
13022| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
13023| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
13024| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
13025| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
13026| [113895] Apache Geode up to 1.3.x Code Execution
13027| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
13028| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
13029| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
13030| [113747] Apache Tomcat Servlets privilege escalation
13031| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
13032| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
13033| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
13034| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
13035| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
13036| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
13037| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
13038| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
13039| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
13040| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
13041| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
13042| [112885] Apache Allura up to 1.8.0 File information disclosure
13043| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
13044| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
13045| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
13046| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
13047| [112625] Apache POI up to 3.16 Loop denial of service
13048| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
13049| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
13050| [112339] Apache NiFi 1.5.0 Header privilege escalation
13051| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
13052| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
13053| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
13054| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
13055| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
13056| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
13057| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
13058| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
13059| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
13060| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
13061| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
13062| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
13063| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
13064| [112114] Oracle 9.1 Apache Log4j privilege escalation
13065| [112113] Oracle 9.1 Apache Log4j privilege escalation
13066| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
13067| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
13068| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
13069| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
13070| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
13071| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
13072| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
13073| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
13074| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
13075| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
13076| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
13077| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
13078| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
13079| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
13080| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
13081| [110701] Apache Fineract Query Parameter sql injection
13082| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
13083| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
13084| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
13085| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
13086| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
13087| [110106] Apache CXF Fediz Spring cross site request forgery
13088| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
13089| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
13090| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
13091| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
13092| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
13093| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
13094| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
13095| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
13096| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
13097| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
13098| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
13099| [108938] Apple macOS up to 10.13.1 apache denial of service
13100| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
13101| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
13102| [108935] Apple macOS up to 10.13.1 apache denial of service
13103| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
13104| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
13105| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
13106| [108931] Apple macOS up to 10.13.1 apache denial of service
13107| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
13108| [108929] Apple macOS up to 10.13.1 apache denial of service
13109| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
13110| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
13111| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
13112| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
13113| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
13114| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
13115| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
13116| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
13117| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
13118| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
13119| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
13120| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
13121| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
13122| [108782] Apache Xerces2 XML Service denial of service
13123| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
13124| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
13125| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
13126| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
13127| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
13128| [108629] Apache OFBiz up to 10.04.01 privilege escalation
13129| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
13130| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
13131| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
13132| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
13133| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
13134| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
13135| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
13136| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
13137| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
13138| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
13139| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
13140| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
13141| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
13142| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
13143| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
13144| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
13145| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
13146| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
13147| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
13148| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
13149| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
13150| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
13151| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
13152| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
13153| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
13154| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
13155| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
13156| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
13157| [107639] Apache NiFi 1.4.0 XML External Entity
13158| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
13159| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
13160| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
13161| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
13162| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
13163| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
13164| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
13165| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
13166| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
13167| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
13168| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
13169| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
13170| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
13171| [107197] Apache Xerces Jelly Parser XML File XML External Entity
13172| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
13173| [107084] Apache Struts up to 2.3.19 cross site scripting
13174| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
13175| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
13176| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
13177| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
13178| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
13179| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
13180| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
13181| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
13182| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
13183| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
13184| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
13185| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
13186| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
13187| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
13188| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
13189| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
13190| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
13191| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
13192| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
13193| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
13194| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
13195| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
13196| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
13197| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
13198| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
13199| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
13200| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
13201| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
13202| [105878] Apache Struts up to 2.3.24.0 privilege escalation
13203| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
13204| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
13205| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
13206| [105643] Apache Pony Mail up to 0.8b weak authentication
13207| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
13208| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
13209| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
13210| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
13211| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
13212| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
13213| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
13214| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
13215| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
13216| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
13217| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
13218| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
13219| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
13220| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
13221| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
13222| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
13223| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
13224| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
13225| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
13226| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
13227| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
13228| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
13229| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
13230| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
13231| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
13232| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
13233| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
13234| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
13235| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
13236| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
13237| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
13238| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
13239| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
13240| [103690] Apache OpenMeetings 1.0.0 sql injection
13241| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
13242| [103688] Apache OpenMeetings 1.0.0 weak encryption
13243| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
13244| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
13245| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
13246| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
13247| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
13248| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
13249| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
13250| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
13251| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
13252| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
13253| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
13254| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
13255| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
13256| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
13257| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
13258| [103352] Apache Solr Node weak authentication
13259| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
13260| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
13261| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
13262| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
13263| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
13264| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
13265| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
13266| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
13267| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
13268| [102536] Apache Ranger up to 0.6 Stored cross site scripting
13269| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
13270| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
13271| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
13272| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
13273| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
13274| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
13275| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
13276| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
13277| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
13278| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
13279| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
13280| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
13281| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
13282| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
13283| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
13284| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
13285| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
13710| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
13711| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
13712| [65340] Apache Shindig 2.5.0 information disclosure
13713| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
13714| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
13715| [10826] Apache Struts 2 File privilege escalation
13716| [65204] Apache Camel up to 2.10.1 unknown vulnerability
13717| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
13718| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
13719| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
13720| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
13721| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
13722| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
13723| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
13724| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
13725| [64722] Apache XML Security for C++ Heap-based memory corruption
13726| [64719] Apache XML Security for C++ Heap-based memory corruption
13727| [64718] Apache XML Security for C++ verify denial of service
13728| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
13729| [64716] Apache XML Security for C++ spoofing
13730| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
13731| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
13732| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
13733| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
13734| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
13735| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
13736| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
13737| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
13738| [64485] Apache Struts up to 2.2.3.0 privilege escalation
13739| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
13740| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
13741| [64467] Apache Geronimo 3.0 memory corruption
13742| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
13743| [64457] Apache Struts up to 2.2.3.0 cross site scripting
13744| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
13745| [9184] Apache Qpid up to 0.20 SSL misconfiguration
13746| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
13747| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
13748| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
13749| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
13750| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
13751| [8873] Apache Struts 2.3.14 privilege escalation
13752| [8872] Apache Struts 2.3.14 privilege escalation
13753| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
13754| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
13755| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
13756| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
13757| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
13758| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
13759| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
13760| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
13761| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
13762| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
13763| [64006] Apache ActiveMQ up to 5.7.0 denial of service
13764| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
13765| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
13766| [8427] Apache Tomcat Session Transaction weak authentication
13767| [63960] Apache Maven 3.0.4 Default Configuration spoofing
13768| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
13769| [63750] Apache qpid up to 0.20 checkAvailable denial of service
13770| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
13771| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
13772| [63747] Apache Rave up to 0.20 User Account information disclosure
13773| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
13774| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
13775| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
13776| [7687] Apache CXF up to 2.7.2 Token weak authentication
13777| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
13778| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
13779| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
13780| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
13781| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
13782| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
13783| [63090] Apache Tomcat up to 4.1.24 denial of service
13784| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
13785| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
13786| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
13787| [62833] Apache CXF -/2.6.0 spoofing
13788| [62832] Apache Axis2 up to 1.6.2 spoofing
13789| [62831] Apache Axis up to 1.4 Java Message Service spoofing
13790| [62830] Apache Commons-httpclient 3.0 Payments spoofing
13791| [62826] Apache Libcloud up to 0.11.0 spoofing
13792| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
13793| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
13794| [62661] Apache Axis2 unknown vulnerability
13795| [62658] Apache Axis2 unknown vulnerability
13796| [62467] Apache Qpid up to 0.17 denial of service
13797| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
13798| [6301] Apache HTTP Server mod_pagespeed cross site scripting
13799| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
13800| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
13801| [62035] Apache Struts up to 2.3.4 denial of service
13802| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
13803| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
13804| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
13805| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
13806| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
13807| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
13808| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
13809| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
13810| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
13811| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
13812| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
13813| [61229] Apache Sling up to 2.1.1 denial of service
13814| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
13815| [61094] Apache Roller up to 5.0 cross site scripting
13816| [61093] Apache Roller up to 5.0 cross site request forgery
13817| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
13818| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
13819| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
13820| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
13821| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
13822| [60708] Apache Qpid 0.12 unknown vulnerability
13823| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
13824| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
13825| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
13826| [4882] Apache Wicket up to 1.5.4 directory traversal
13827| [4881] Apache Wicket up to 1.4.19 cross site scripting
13828| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
13829| [60352] Apache Struts up to 2.2.3 memory corruption
13830| [60153] Apache Portable Runtime up to 1.4.3 denial of service
13831| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
13832| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
13833| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
13834| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
13835| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
13836| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
13837| [4571] Apache Struts up to 2.3.1.2 privilege escalation
13838| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
13839| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
13840| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
13841| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
13842| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
13843| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
13844| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
13845| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
13846| [59888] Apache Tomcat up to 6.0.6 denial of service
13847| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
13848| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
13849| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
13850| [59850] Apache Geronimo up to 2.2.1 denial of service
13851| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
13852| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
13853| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
13854| [58413] Apache Tomcat up to 6.0.10 spoofing
13855| [58381] Apache Wicket up to 1.4.17 cross site scripting
13856| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
13857| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
13858| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
13859| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
13860| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
13861| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
13862| [57568] Apache Archiva up to 1.3.4 cross site scripting
13863| [57567] Apache Archiva up to 1.3.4 cross site request forgery
13864| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
13865| [4355] Apache HTTP Server APR apr_fnmatch denial of service
13866| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
13867| [57425] Apache Struts up to 2.2.1.1 cross site scripting
13868| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
13869| [57025] Apache Tomcat up to 7.0.11 information disclosure
13870| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
13871| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
13872| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
13873| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
13874| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
13875| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
13876| [56512] Apache Continuum up to 1.4.0 cross site scripting
13877| [4285] Apache Tomcat 5.x JVM getLocale denial of service
13878| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
13879| [4283] Apache Tomcat 5.x ServletContect privilege escalation
13880| [56441] Apache Tomcat up to 7.0.6 denial of service
13881| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
13882| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
13883| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
13884| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
13885| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
13886| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
13887| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
13888| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
13889| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
13890| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
13891| [54693] Apache Traffic Server DNS Cache unknown vulnerability
13892| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
13893| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
13894| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
13895| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
13896| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
13897| [54012] Apache Tomcat up to 6.0.10 denial of service
13898| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
13899| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
13900| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
13901| [52894] Apache Tomcat up to 6.0.7 information disclosure
13902| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
13903| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
13904| [52786] Apache Open For Business Project up to 09.04 cross site scripting
13905| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
13906| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
13907| [52584] Apache CouchDB up to 0.10.1 information disclosure
13908| [51757] Apache HTTP Server 2.0.44 cross site scripting
13909| [51756] Apache HTTP Server 2.0.44 spoofing
13910| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
13911| [51690] Apache Tomcat up to 6.0 directory traversal
13912| [51689] Apache Tomcat up to 6.0 information disclosure
13913| [51688] Apache Tomcat up to 6.0 directory traversal
13914| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
13915| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
13916| [50626] Apache Solr 1.0.0 cross site scripting
13917| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
13918| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
13919| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
13920| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
13921| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
13922| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
13923| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
13924| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
13925| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
13926| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
13927| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
13928| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
13929| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
13930| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
13931| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
13932| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
13933| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
13934| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
13935| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
13936| [47214] Apachefriends xampp 1.6.8 spoofing
13937| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
13938| [47162] Apachefriends XAMPP 1.4.4 weak authentication
13939| [47065] Apache Tomcat 4.1.23 cross site scripting
13940| [46834] Apache Tomcat up to 5.5.20 cross site scripting
13941| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
13942| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
13943| [86625] Apache Struts directory traversal
13944| [44461] Apache Tomcat up to 5.5.0 information disclosure
13945| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
13946| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
13947| [43663] Apache Tomcat up to 6.0.16 directory traversal
13948| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
13949| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
13950| [43516] Apache Tomcat up to 4.1.20 directory traversal
13951| [43509] Apache Tomcat up to 6.0.13 cross site scripting
13952| [42637] Apache Tomcat up to 6.0.16 cross site scripting
13953| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
13954| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
13955| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
13956| [40924] Apache Tomcat up to 6.0.15 information disclosure
13957| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
13958| [40922] Apache Tomcat up to 6.0 information disclosure
13959| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
13960| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
13961| [40656] Apache Tomcat 5.5.20 information disclosure
13962| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
13963| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
13964| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
13965| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
13966| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
13967| [40234] Apache Tomcat up to 6.0.15 directory traversal
13968| [40221] Apache HTTP Server 2.2.6 information disclosure
13969| [40027] David Castro Apache Authcas 0.4 sql injection
13970| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
13971| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
13972| [3414] Apache Tomcat WebDAV Stored privilege escalation
13973| [39489] Apache Jakarta Slide up to 2.1 directory traversal
13974| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
13975| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
13976| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
13977| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
13978| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
13979| [38524] Apache Geronimo 2.0 unknown vulnerability
13980| [3256] Apache Tomcat up to 6.0.13 cross site scripting
13981| [38331] Apache Tomcat 4.1.24 information disclosure
13982| [38330] Apache Tomcat 4.1.24 information disclosure
13983| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
13984| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
13985| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
13986| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
13987| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
13988| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
13989| [37292] Apache Tomcat up to 5.5.1 cross site scripting
13990| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
13991| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
13992| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
13993| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
13994| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
13995| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
13996| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
13997| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
13998| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
13999| [36225] XAMPP Apache Distribution 1.6.0a sql injection
14000| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
14001| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
14002| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
14003| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
14004| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
14005| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
14006| [34252] Apache HTTP Server denial of service
14007| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
14008| [33877] Apache Opentaps 0.9.3 cross site scripting
14009| [33876] Apache Open For Business Project unknown vulnerability
14010| [33875] Apache Open For Business Project cross site scripting
14011| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
14012| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
14013|
14014| MITRE CVE - https://cve.mitre.org:
14015| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
14016| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
14017| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
14018| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
14019| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
14020| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
14021| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
14022| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
14023| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
14024| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
14025| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
14026| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
14027| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
14028| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
14029| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
14030| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
14148| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
14149| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
14150| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
14151| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
14152| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
14153| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
14154| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
14155| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
14156| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
14157| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
14158| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
14159| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
14160| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
14161| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
14162| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
14163| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
14164| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
14165| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
14166| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
14167| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
14168| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
14169| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
14170| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
14171| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
14172| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
14173| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
14174| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
14175| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
14176| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
14177| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
14178| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14179| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
14180| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
14181| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
14182| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
14183| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
14184| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
14185| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
14186| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
14187| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
14188| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
14189| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
14190| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
14191| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
14192| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
14193| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
14194| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14195| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
14196| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
14197| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
14198| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
14199| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
14200| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
14201| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
14202| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
14203| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
14204| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
14205| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
14206| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
14207| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
14208| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
14209| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
14210| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
14211| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
14212| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
14213| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
14214| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
14215| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
14216| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
14217| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
14218| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
14219| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
14220| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
14221| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
14222| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
14223| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
14224| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
14225| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
14226| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
14227| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
14332| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
14333| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
14334| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14335| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
14336| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
14337| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
14338| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
14339| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
14340| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
14341| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
14342| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
14343| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
14344| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
14345| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
14346| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
14347| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
14348| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
14349| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
14350| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
14351| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
14352| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
14353| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
14354| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
14355| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
14356| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
14357| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
14358| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
14359| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
14360| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
14361| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
14362| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
14363| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
14364| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
14365| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
14366| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
14367| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14368| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
14369| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
14370| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
14371| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
14372| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
14373| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
14374| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
14375| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
14376| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
14377| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
14378| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
14379| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
14380| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
14381| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14382| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14383| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
14384| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
14385| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
14386| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
14387| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
14388| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
14389| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
14390| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14391| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
14392| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14393| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
14394| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
14395| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
14396| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14397| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
14398| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14399| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
14400| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
14401| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14402| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
14403| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
14404| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
14405| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
14406| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
14407| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
14408| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
14409| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
14410| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14411| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
14412| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
14413| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
14414| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
14415| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
14416| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
14417| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
14418| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
14419| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
14420| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
14421| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
14422| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
14423| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
14424| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
14425| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
14426| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
14427| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
14428| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
14429| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
14430| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
14431| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
14432| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14433| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14434| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
14435| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
14436| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
14437| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
14438| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
14439| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
14440| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
14441| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
14442| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
14443| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
14444| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
14445| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
14446| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
14447| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
14448| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
14449| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
14450| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
14451| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
14452| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
14453| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
14454| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
14455| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
14456| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
14457| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14458| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14459| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14460| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
14461| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
14462| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
14463| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
14464| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
14465| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
14466| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
14467| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
14468| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
14469| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
14470| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
14471| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
14472| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
14473| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
14474| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
14475| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14476| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14477| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
14478| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
14479| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
14480| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
14481| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
14482| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
14483| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
14484| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
14485| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
14486| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
14487| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
14488| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
14489| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
14490| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
14491| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
14492| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
14493| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
14494| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
14495| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
14496| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
14497| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
14498| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
14499| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
14500| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
14501| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
14502| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
14503| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
14504| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
14505| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
14506| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
14507| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
14508| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
14509| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
14510| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
14511| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
14512| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
14513| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
14514| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
14515| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
14516| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
14517| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
14518| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
14519| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
14520| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
14521| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
14522| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
14523| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
14524| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
14525| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
14526| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
14527| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
14528| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
14529| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
14530| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
14531| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
14532| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
14533| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
14534| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
14535| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
14536| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
14537| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
14538| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
14539| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
14540| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
14541| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
14542| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
14543| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
14544| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
14545| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
14546| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
14547| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
14548| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
14549| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14550| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
14551| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
14552| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
14553| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
14554| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
14555| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
14556| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
14557| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
14558| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
14559| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
14560| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
14561| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
14562| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
14563| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
14564| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
14565| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
14566| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
14567| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
14568| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
14569| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
14570| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
14571| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
14572| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
14573| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
14574| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
14575| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
14576| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
14577| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
14578| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
14579| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
14580| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
14581| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
14582| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
14583| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
14584| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
14585| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
14586| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
14587| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
14588| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
14589| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
14590| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
14591| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
14592| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
14593| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
14594| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
14595| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
14596| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
14597| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
14598| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
14599| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
14600| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
14601| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
14602| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
14603| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
14604| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
14605| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
14606| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
14607| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
14608| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
14609| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
14610| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
14611| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
14612| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
14613| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
14614| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
14615| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
14616| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
14617| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
14618| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
14619| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
14620| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
14621| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
14622| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
14623| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
14624|
14625| SecurityFocus - https://www.securityfocus.com/bid/:
14626| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
14627| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
14628| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
14629| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
14630| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
14631| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
14632| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
14633| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
14634| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
14635| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
14636| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
14637| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
14638| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
14639| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
14640| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
14641| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
14642| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
14643| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
14644| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
14645| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
14646| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
14647| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
14648| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
14649| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
14650| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
14651| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
14652| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
14653| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
14654| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
14655| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
14656| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
14657| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
14658| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
14659| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
14660| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
14661| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
14662| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
14663| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
14664| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
14665| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
14666| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
14667| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
14668| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
14669| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
14670| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
14671| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
14672| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
14673| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
14674| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
14675| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
14676| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
14677| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
14678| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
14679| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
14680| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
14681| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
14682| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
14683| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
14684| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
14685| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
14686| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
14687| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
14688| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
14689| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
14690| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
14691| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
14692| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
14693| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
14694| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
14695| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
14696| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
14697| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
14698| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
14699| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
14700| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
14701| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
14702| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
14703| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
14704| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
14705| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
14706| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
14707| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
14708| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
14709| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
14710| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
14711| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
14712| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
14713| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
14714| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
14715| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
14716| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
14717| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
14718| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
14719| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
14720| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
14721| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
14722| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
14723| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
14724| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
14725| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
14726| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
14727| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
14728| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
14729| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
14730| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
14731| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
14732| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
14733| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
14734| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
14735| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
14736| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
14737| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
14738| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
14739| [100447] Apache2Triad Multiple Security Vulnerabilities
14740| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
14741| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
14742| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
14743| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
14744| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
14745| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
14746| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
14747| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
14748| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
14749| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
14750| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
14751| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
14752| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
14753| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
14754| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
14755| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
14756| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
14757| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
14758| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
14759| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
14760| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
14761| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
14762| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
14763| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
14764| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
14765| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
14766| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
14767| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
14768| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
14769| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
14770| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
14771| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
14772| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
14773| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
14774| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
14775| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
14776| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
14777| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
14778| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
14779| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
14780| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
14781| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
14782| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
14783| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
14784| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
14785| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
14786| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
14787| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
14788| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
14789| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
14790| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
14791| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
14792| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
14793| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
14794| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
14795| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
14796| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
14797| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
14798| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
14799| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
14800| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
14801| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
14802| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
14803| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
14804| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
14805| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
14806| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
14807| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
14808| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
14809| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
14810| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
14811| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
14812| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
14813| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
14814| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
14815| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
14816| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
14817| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
14818| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
14819| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
14820| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
14821| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
14822| [95675] Apache Struts Remote Code Execution Vulnerability
14823| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
14824| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
14825| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
14826| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
14827| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
14828| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
14829| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
14830| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
14831| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
14832| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
14833| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
14834| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
14835| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
14836| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
14837| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
14838| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
14839| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
14840| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
14841| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
14842| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
14843| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
14844| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
14845| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
14846| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
14847| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
14848| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
14849| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
14850| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
14851| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
14852| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
14853| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
14854| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
14855| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
14856| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
14857| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
14858| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
14859| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
14860| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
14861| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
14862| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
14863| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
14864| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
14865| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
14866| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
14867| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
14868| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
14869| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
14870| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
14871| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
14872| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
14873| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
14874| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
14875| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
14876| [91736] Apache XML-RPC Multiple Security Vulnerabilities
14877| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
14878| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
14879| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
14880| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
14881| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
14882| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
14883| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
14884| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
14885| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
14886| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
14887| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
14888| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
14889| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
14890| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
14891| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
14892| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
14893| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
14894| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
14895| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
14896| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
14897| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
14898| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
14899| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
14900| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
14901| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
14902| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
14903| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
14904| [90482] Apache CVE-2004-1387 Local Security Vulnerability
14905| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
14906| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
14907| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
14908| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
14909| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
14910| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
14911| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
14912| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
14913| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
14914| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
14915| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
14916| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
14917| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
14918| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
14919| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
14920| [86399] Apache CVE-2007-1743 Local Security Vulnerability
14921| [86397] Apache CVE-2007-1742 Local Security Vulnerability
14922| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
14923| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
14924| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
14925| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
14926| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
14927| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
14928| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
14929| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
14930| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
14931| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
14932| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
14933| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
14934| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
14935| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
14936| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
14937| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
14938| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
14939| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
14940| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
14941| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
14942| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
14943| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
14944| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
14945| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
14946| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
14947| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
14948| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
14949| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
14950| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
14951| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
14952| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
14953| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
14954| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
14955| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
14956| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
14957| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
14958| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
14959| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
14960| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
14961| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
14962| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
14963| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
14964| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
14965| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
14966| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
14967| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
14968| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
14969| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
14970| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
14971| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
14972| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
14973| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
14974| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
14975| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
14976| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
14977| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
14978| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
14979| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
14980| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
14981| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
14982| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
14983| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
14984| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
14985| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
14986| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
14987| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
14988| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
14989| [76933] Apache James Server Unspecified Command Execution Vulnerability
14990| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
14991| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
14992| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
14993| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
14994| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
14995| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
14996| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
14997| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
14998| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
14999| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
15000| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
15001| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
15002| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
15003| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
15004| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
15005| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
15006| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
15007| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
15008| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
15009| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
15010| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
15011| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
15012| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
15013| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
15014| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
15015| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
15016| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
15017| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
15018| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
15019| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
15020| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
15021| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
15022| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
15023| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
15024| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
15025| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
15026| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
15027| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
15028| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
15029| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
15030| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
15031| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
15032| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
15033| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
15034| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
15035| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
15036| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
15037| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
15038| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
15039| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
15040| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
15041| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
15042| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
15043| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
15044| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
15045| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
15046| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
15047| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
15048| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
15049| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
15050| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
15051| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
15052| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
15053| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
15054| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
15055| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
15056| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
15057| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
15058| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
15059| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
15060| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
15061| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
15062| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
15063| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
15064| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
15065| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
15066| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
15067| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
15068| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
15069| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
15070| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
15071| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
15072| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
15073| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
15074| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
15075| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
15076| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
15077| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
15078| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
15079| [68229] Apache Harmony PRNG Entropy Weakness
15080| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
15081| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
15082| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
15083| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
15084| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
15085| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
15086| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
15087| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
15088| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
15089| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
15090| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
15516| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
15517| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
15518| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
15519| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
15520| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
15521| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
15522| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
15523| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
15524| [7255] Apache Web Server File Descriptor Leakage Vulnerability
15525| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
15526| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
15527| [6939] Apache Web Server ETag Header Information Disclosure Weakness
15528| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
15529| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
15530| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
15531| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
15532| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
15533| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
15534| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
15535| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
15536| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
15537| [6117] Apache mod_php File Descriptor Leakage Vulnerability
15538| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
15539| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
15997| [32128] Apache Tomcat default account
15998| [31680] Apache Tomcat RequestParamExample cross-site scripting
15999| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
16000| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
16001| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
16002| [30456] Apache mod_auth_kerb off-by-one buffer overflow
16003| [29550] Apache mod_tcl set_var() format string
16004| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
16005| [28357] Apache HTTP Server mod_alias script source information disclosure
16006| [28063] Apache mod_rewrite off-by-one buffer overflow
16007| [27902] Apache Tomcat URL information disclosure
16008| [26786] Apache James SMTP server denial of service
16009| [25680] libapache2 /tmp/svn file upload
16010| [25614] Apache Struts lookupMap cross-site scripting
16011| [25613] Apache Struts ActionForm denial of service
16012| [25612] Apache Struts isCancelled() security bypass
16013| [24965] Apache mod_python FileSession command execution
16014| [24716] Apache James spooler memory leak denial of service
16015| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
16016| [24158] Apache Geronimo jsp-examples cross-site scripting
16017| [24030] Apache auth_ldap module multiple format strings
16018| [24008] Apache mod_ssl custom error message denial of service
16019| [24003] Apache mod_auth_pgsql module multiple syslog format strings
16020| [23612] Apache mod_imap referer field cross-site scripting
16021| [23173] Apache Struts error message cross-site scripting
16022| [22942] Apache Tomcat directory listing denial of service
16023| [22858] Apache Multi-Processing Module code allows denial of service
16024| [22602] RHSA-2005:582 updates for Apache httpd not installed
16025| [22520] Apache mod-auth-shadow "
16026| [22466] ApacheTop symlink
16027| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
16028| [22006] Apache HTTP Server byte-range filter denial of service
16029| [21567] Apache mod_ssl off-by-one buffer overflow
16030| [21195] Apache HTTP Server header HTTP request smuggling
16031| [20383] Apache HTTP Server htdigest buffer overflow
16032| [19681] Apache Tomcat AJP12 request denial of service
16033| [18993] Apache HTTP server check_forensic symlink attack
16034| [18790] Apache Tomcat Manager cross-site scripting
16035| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
16036| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
16037| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
16038| [17961] Apache Web server ServerTokens has not been set
16039| [17930] Apache HTTP Server HTTP GET request denial of service
16040| [17785] Apache mod_include module buffer overflow
16041| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
16042| [17473] Apache HTTP Server Satisfy directive allows access to resources
16043| [17413] Apache htpasswd buffer overflow
16044| [17384] Apache HTTP Server environment variable configuration file buffer overflow
16045| [17382] Apache HTTP Server IPv6 apr_util denial of service
16046| [17366] Apache HTTP Server mod_dav module LOCK denial of service
16047| [17273] Apache HTTP Server speculative mode denial of service
16048| [17200] Apache HTTP Server mod_ssl denial of service
16049| [16890] Apache HTTP Server server-info request has been detected
16050| [16889] Apache HTTP Server server-status request has been detected
16051| [16705] Apache mod_ssl format string attack
16052| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
16053| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
16054| [16230] Apache HTTP Server PHP denial of service
16055| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
16056| [15958] Apache HTTP Server authentication modules memory corruption
16057| [15547] Apache HTTP Server mod_disk_cache local information disclosure
16058| [15540] Apache HTTP Server socket starvation denial of service
16059| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
16060| [15422] Apache HTTP Server mod_access information disclosure
16061| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
16062| [15293] Apache for Cygwin "
16063| [15065] Apache-SSL has a default password
16064| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
16065| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
16066| [14751] Apache Mod_python output filter information disclosure
16067| [14125] Apache HTTP Server mod_userdir module information disclosure
16068| [14075] Apache HTTP Server mod_php file descriptor leak
16069| [13703] Apache HTTP Server account
16070| [13689] Apache HTTP Server configuration allows symlinks
16071| [13688] Apache HTTP Server configuration allows SSI
16072| [13687] Apache HTTP Server Server: header value
16073| [13685] Apache HTTP Server ServerTokens value
16074| [13684] Apache HTTP Server ServerSignature value
16075| [13672] Apache HTTP Server config allows directory autoindexing
16076| [13671] Apache HTTP Server default content
16077| [13670] Apache HTTP Server config file directive references outside content root
16078| [13668] Apache HTTP Server httpd not running in chroot environment
16079| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
16080| [13664] Apache HTTP Server config file contains ScriptAlias entry
16081| [13663] Apache HTTP Server CGI support modules loaded
16082| [13661] Apache HTTP Server config file contains AddHandler entry
16083| [13660] Apache HTTP Server 500 error page not CGI script
16084| [13659] Apache HTTP Server 413 error page not CGI script
16085| [13658] Apache HTTP Server 403 error page not CGI script
16086| [13657] Apache HTTP Server 401 error page not CGI script
16087| [13552] Apache HTTP Server mod_cgid module information disclosure
16088| [13550] Apache GET request directory traversal
16089| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
16090| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
16091| [13429] Apache Tomcat non-HTTP request denial of service
16092| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
16093| [13295] Apache weak password encryption
16094| [13254] Apache Tomcat .jsp cross-site scripting
16095| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
16096| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
16097| [12681] Apache HTTP Server mod_proxy could allow mail relaying
16098| [12662] Apache HTTP Server rotatelogs denial of service
16099| [12554] Apache Tomcat stores password in plain text
16100| [12553] Apache HTTP Server redirects and subrequests denial of service
16101| [12552] Apache HTTP Server FTP proxy server denial of service
16102| [12551] Apache HTTP Server prefork MPM denial of service
16103| [12550] Apache HTTP Server weaker than expected encryption
16104| [12549] Apache HTTP Server type-map file denial of service
16105| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
16106| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
16107| [12091] Apache HTTP Server apr_password_validate denial of service
16108| [12090] Apache HTTP Server apr_psprintf code execution
16109| [11804] Apache HTTP Server mod_access_referer denial of service
16110| [11750] Apache HTTP Server could leak sensitive file descriptors
16111| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
16112| [11703] Apache long slash path allows directory listing
16113| [11695] Apache HTTP Server LF (Line Feed) denial of service
16114| [11694] Apache HTTP Server filestat.c denial of service
16115| [11438] Apache HTTP Server MIME message boundaries information disclosure
16116| [11412] Apache HTTP Server error log terminal escape sequence injection
16117| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
16118| [11195] Apache Tomcat web.xml could be used to read files
16119| [11194] Apache Tomcat URL appended with a null character could list directories
16120| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
16121| [11126] Apache HTTP Server illegal character file disclosure
16122| [11125] Apache HTTP Server DOS device name HTTP POST code execution
16123| [11124] Apache HTTP Server DOS device name denial of service
16124| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
16125| [10938] Apache HTTP Server printenv test CGI cross-site scripting
16126| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
16127| [10575] Apache mod_php module could allow an attacker to take over the httpd process
16128| [10499] Apache HTTP Server WebDAV HTTP POST view source
16129| [10457] Apache HTTP Server mod_ssl "
16130| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
16131| [10414] Apache HTTP Server htdigest multiple buffer overflows
16132| [10413] Apache HTTP Server htdigest temporary file race condition
16133| [10412] Apache HTTP Server htpasswd temporary file race condition
16134| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
16135| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
16136| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
16137| [10280] Apache HTTP Server shared memory scorecard overwrite
16138| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
16139| [10241] Apache HTTP Server Host: header cross-site scripting
16140| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
16141| [10208] Apache HTTP Server mod_dav denial of service
16142| [10206] HP VVOS Apache mod_ssl denial of service
16143| [10200] Apache HTTP Server stderr denial of service
16144| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
16145| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
16146| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
16147| [10098] Slapper worm targets OpenSSL/Apache systems
16148| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
16149| [9875] Apache HTTP Server .var file request could disclose installation path
16150| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
16151| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
16152| [9623] Apache HTTP Server ap_log_rerror() path disclosure
16153| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
16154| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
16155| [9396] Apache Tomcat null character to threads denial of service
16156| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
16157| [9249] Apache HTTP Server chunked encoding heap buffer overflow
16158| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
16159| [8932] Apache Tomcat example class information disclosure
16160| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
16161| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
16162| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
16163| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
16164| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
16165| [8400] Apache HTTP Server mod_frontpage buffer overflows
16166| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
16167| [8308] Apache "
16168| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
16169| [8119] Apache and PHP OPTIONS request reveals "
16170| [8054] Apache is running on the system
16171| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
16172| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
16173| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
16174| [7836] Apache HTTP Server log directory denial of service
16175| [7815] Apache for Windows "
16176| [7810] Apache HTTP request could result in unexpected behavior
16177| [7599] Apache Tomcat reveals installation path
16178| [7494] Apache "
16179| [7419] Apache Web Server could allow remote attackers to overwrite .log files
16180| [7363] Apache Web Server hidden HTTP requests
16181| [7249] Apache mod_proxy denial of service
16182| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
16183| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
16184| [7059] Apache "
16185| [7057] Apache "
16186| [7056] Apache "
16187| [7055] Apache "
16188| [7054] Apache "
16189| [6997] Apache Jakarta Tomcat error message may reveal information
16190| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
16191| [6970] Apache crafted HTTP request could reveal the internal IP address
16192| [6921] Apache long slash path allows directory listing
16193| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
16194| [6527] Apache Web Server for Windows and OS2 denial of service
16195| [6316] Apache Jakarta Tomcat may reveal JSP source code
16196| [6305] Apache Jakarta Tomcat directory traversal
16197| [5926] Linux Apache symbolic link
16198| [5659] Apache Web server discloses files when used with php script
16199| [5310] Apache mod_rewrite allows attacker to view arbitrary files
16200| [5204] Apache WebDAV directory listings
16201| [5197] Apache Web server reveals CGI script source code
16202| [5160] Apache Jakarta Tomcat default installation
16203| [5099] Trustix Secure Linux installs Apache with world writable access
16204| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
16205| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
16206| [4931] Apache source.asp example file allows users to write to files
16207| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
16208| [4205] Apache Jakarta Tomcat delivers file contents
16209| [2084] Apache on Debian by default serves the /usr/doc directory
16210| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
16211| [697] Apache HTTP server beck exploit
16212| [331] Apache cookies buffer overflow
16213|
16214| Exploit-DB - https://www.exploit-db.com:
16215| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
16216| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
16217| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
16218| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
16219| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
16220| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
16221| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
16222| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
16223| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
16224| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
16225| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
16226| [29859] Apache Roller OGNL Injection
16227| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
16228| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
16229| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
16230| [29290] Apache / PHP 5.x Remote Code Execution Exploit
16231| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
16232| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
16233| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
16234| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
16235| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
16236| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
16237| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
16238| [27096] Apache Geronimo 1.0 Error Page XSS
16239| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
16240| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
16241| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
16242| [25986] Plesk Apache Zeroday Remote Exploit
16243| [25980] Apache Struts includeParams Remote Code Execution
16244| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
16245| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
16246| [24874] Apache Struts ParametersInterceptor Remote Code Execution
16247| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
16248| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
16249| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
16250| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
16251| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
16252| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
16253| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
16254| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
16255| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
16256| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
16257| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
16258| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
16259| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
16260| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
16261| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
16262| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
16263| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
16264| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
16265| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
16266| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
16267| [21719] Apache 2.0 Path Disclosure Vulnerability
16268| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
16269| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
16270| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
16271| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
16272| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
16273| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
16274| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
16275| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
16276| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
16277| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
16278| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
16279| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
16280| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
16281| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
16282| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
16283| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
16284| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
16285| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
16286| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
16287| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
16288| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
16289| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
16290| [20558] Apache 1.2 Web Server DoS Vulnerability
16291| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
16292| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
16293| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
16294| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
16295| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
16296| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
16297| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
16298| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
16299| [19231] PHP apache_request_headers Function Buffer Overflow
16300| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
16301| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
16302| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
16303| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
16304| [18442] Apache httpOnly Cookie Disclosure
16305| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
16306| [18221] Apache HTTP Server Denial of Service
16307| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
16308| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
16309| [17691] Apache Struts < 2.2.0 - Remote Command Execution
16310| [16798] Apache mod_jk 1.2.20 Buffer Overflow
16311| [16782] Apache Win32 Chunked Encoding
16312| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
16313| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
16314| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
16315| [15319] Apache 2.2 (Windows) Local Denial of Service
16316| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
16317| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
16318| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
16319| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
16320| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
16321| [12330] Apache OFBiz - Multiple XSS
16322| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
16323| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
16324| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
16325| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
16326| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
16327| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
16328| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
16329| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
16330| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
16331| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
16332| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
16333| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
16334| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
16335| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
16336| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
16337| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
16338| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
16339| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
16340| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
16341| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
16342| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
16343| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
16344| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
16345| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
16346| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
16347| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
16348| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
16349| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
16350| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
16351| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
16352| [466] htpasswd Apache 1.3.31 - Local Exploit
16353| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
16354| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
16355| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
16356| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
16357| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
16358| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
16359| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
16360| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
16361| [9] Apache HTTP Server 2.x Memory Leak Exploit
16362|
16363| OpenVAS (Nessus) - http://www.openvas.org:
16364| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
16365| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
16366| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
16367| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
16368| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
16369| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
16370| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
16371| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
16372| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
16373| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
16374| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
16375| [900571] Apache APR-Utils Version Detection
16376| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
16377| [900496] Apache Tiles Multiple XSS Vulnerability
16378| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
16861| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
16862| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
16863| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
16864| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
16865| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
16866| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
16867| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
16868| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
16869| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
16870| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
16871| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
16872| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
16873| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
16874| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
16875| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
16876| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
16877| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
16878| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
16879| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
16880| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
16881| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
16882| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16883| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16884| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
16885| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
16886| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
16887| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
16888| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
16889| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
16890| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
16891| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
16892| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
16893| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
16894| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
16895| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
16896| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
16897| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
16898| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
16899| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
16900|
16901| OSVDB - http://www.osvdb.org:
16902| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
16903| [96077] Apache CloudStack Global Settings Multiple Field XSS
16904| [96076] Apache CloudStack Instances Menu Display Name Field XSS
16905| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
16906| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
16907| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
16908| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
16909| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
16910| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
16911| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
16912| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
16913| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
16914| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16915| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
16916| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
16917| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
16918| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
16919| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16920| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
16921| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
16922| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
16923| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
16924| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
16925| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
16926| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
16927| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
16928| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
16929| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
16930| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
16931| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
16932| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
16933| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
16934| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
16935| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
16936| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
16937| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
16938| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
16939| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
16940| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
16941| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
16942| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
16943| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
16944| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
16945| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
16946| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
16947| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
16948| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
16949| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
16950| [94279] Apache Qpid CA Certificate Validation Bypass
16951| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
16952| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
16953| [94042] Apache Axis JAX-WS Java Unspecified Exposure
16954| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
16955| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
16956| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
16957| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
16958| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
16959| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
16960| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
16961| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
16962| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
16963| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
16964| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
16965| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
16966| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
16967| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
16968| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
16969| [93541] Apache Solr json.wrf Callback XSS
16970| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
16971| [93521] Apache jUDDI Security API Token Session Persistence Weakness
16972| [93520] Apache CloudStack Default SSL Key Weakness
16973| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
16974| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
16975| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
16976| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
16977| [93515] Apache HBase table.jsp name Parameter XSS
16978| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
16979| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
16980| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
16981| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
16982| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
16983| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
16984| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
16985| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
16986| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
16987| [93252] Apache Tomcat FORM Authenticator Session Fixation
16988| [93172] Apache Camel camel/endpoints/ Endpoint XSS
16989| [93171] Apache Sling HtmlResponse Error Message XSS
16990| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
16991| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
16992| [93168] Apache Click ErrorReport.java id Parameter XSS
16993| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
16994| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
16995| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
16996| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
16997| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
16998| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
16999| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
17000| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
17001| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
17002| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
17003| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
17004| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
17005| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
17006| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
17007| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
17008| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
17009| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
17010| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
17011| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
17012| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
17013| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
17014| [93144] Apache Solr Admin Command Execution CSRF
17015| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
17016| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
17017| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
17018| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
17019| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
17020| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
17021| [92748] Apache CloudStack VM Console Access Restriction Bypass
17022| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
17023| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
17024| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
17025| [92706] Apache ActiveMQ Debug Log Rendering XSS
17026| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
17027| [92270] Apache Tomcat Unspecified CSRF
17028| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
17029| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
17030| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
17031| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
17032| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
17033| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
17034| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
17035| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
17036| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
17037| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
17038| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
17039| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
17040| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
17041| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
17042| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
17043| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
17044| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
17045| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
17046| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
17047| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
17048| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
17049| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
17050| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
17051| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
17052| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
17053| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
17054| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
17055| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
17056| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
17057| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
17058| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
17059| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
17060| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
17061| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
17062| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
17063| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
17064| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
17065| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
17066| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
17067| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
17068| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
17069| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
17070| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
17071| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
17072| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
17073| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
17074| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
17075| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
17076| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
17077| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
17078| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
17079| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
17080| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
17081| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
17082| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
17083| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
17084| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
17085| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
17086| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
17087| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
17088| [86901] Apache Tomcat Error Message Path Disclosure
17089| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
17090| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
17091| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
17092| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
17093| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
17094| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
17095| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
17096| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
17097| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
17098| [85430] Apache mod_pagespeed Module Unspecified XSS
17099| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
17100| [85249] Apache Wicket Unspecified XSS
17101| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
17102| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
17103| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
17104| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
17105| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
17106| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
17107| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
17108| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
17109| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
17110| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
17111| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
17112| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
17113| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
17114| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
17115| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
17116| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
17117| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
17118| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
17119| [83339] Apache Roller Blogger Roll Unspecified XSS
17120| [83270] Apache Roller Unspecified Admin Action CSRF
17121| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
17122| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
17123| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
17124| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
17125| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
17126| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
17127| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
17128| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
17129| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
17130| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
17131| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
17132| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
17133| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
17134| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
17135| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
17136| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
17137| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
17138| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
17139| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
17140| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
17141| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
17142| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
17143| [80300] Apache Wicket wicket:pageMapName Parameter XSS
17144| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
17145| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
17146| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
17563| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
17564| [40262] Apache HTTP Server mod_status refresh XSS
17565| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
17566| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
17567| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
17568| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
17569| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
17570| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
17571| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
17572| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
17573| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
17574| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
17575| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
17576| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
17577| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
17578| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
17579| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
17580| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
17581| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
17582| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
17583| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
17584| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
17585| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
17586| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
17587| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
17588| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
17589| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
17590| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
17591| [36080] Apache Tomcat JSP Examples Crafted URI XSS
17592| [36079] Apache Tomcat Manager Uploaded Filename XSS
17593| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
17594| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
17595| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
17596| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
17597| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
17598| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
17599| [34881] Apache Tomcat Malformed Accept-Language Header XSS
17600| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
17601| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
17602| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
17603| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
17604| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
17605| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
17606| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
17607| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
17608| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
17609| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
17610| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
17611| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
17612| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
17613| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
17614| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
17615| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
17616| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
17617| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
17618| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
17619| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
17620| [32724] Apache mod_python _filter_read Freed Memory Disclosure
17621| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
17622| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
17623| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
17624| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
17625| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
17626| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
17627| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
17628| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
17629| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
17630| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
17631| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
17632| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
17633| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
17634| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
17635| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
17636| [24365] Apache Struts Multiple Function Error Message XSS
17637| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
17638| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
17639| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
17640| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
17641| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
17642| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
17643| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
17644| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
17645| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
17646| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
17647| [22459] Apache Geronimo Error Page XSS
17648| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
17649| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
17650| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
17651| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
17652| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
17653| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
17654| [21021] Apache Struts Error Message XSS
17655| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
17656| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
17657| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
17658| [20439] Apache Tomcat Directory Listing Saturation DoS
17659| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
17660| [20285] Apache HTTP Server Log File Control Character Injection
17661| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
17662| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
17663| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
17664| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
17665| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
17666| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
17667| [19821] Apache Tomcat Malformed Post Request Information Disclosure
17668| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
17669| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
17670| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
17671| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
17672| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
17673| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
17674| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
17675| [18233] Apache HTTP Server htdigest user Variable Overfow
17676| [17738] Apache HTTP Server HTTP Request Smuggling
17677| [16586] Apache HTTP Server Win32 GET Overflow DoS
17678| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
17679| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
17680| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
17681| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
17682| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
17683| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
17684| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
17685| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
17686| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
17687| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
17688| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
17689| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
17690| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
17691| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
17692| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
17693| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
17694| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
17695| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
17696| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
17697| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
17698| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
17699| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
17700| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
17701| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
17702| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
17703| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
17704| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
17705| [13304] Apache Tomcat realPath.jsp Path Disclosure
17706| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
17707| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
17708| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
17709| [12848] Apache HTTP Server htdigest realm Variable Overflow
17710| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
17711| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
17712| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
17713| [12557] Apache HTTP Server prefork MPM accept Error DoS
17714| [12233] Apache Tomcat MS-DOS Device Name Request DoS
17715| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
17716| [12231] Apache Tomcat web.xml Arbitrary File Access
17717| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
17718| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
17719| [12178] Apache Jakarta Lucene results.jsp XSS
17720| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
17721| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
17722| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
17723| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
17724| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
17725| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
17726| [10471] Apache Xerces-C++ XML Parser DoS
17727| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
17728| [10068] Apache HTTP Server htpasswd Local Overflow
17729| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
17730| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
17731| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
17732| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
17733| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
17734| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
17735| [9717] Apache HTTP Server mod_cookies Cookie Overflow
17736| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
17737| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
17738| [9714] Apache Authentication Module Threaded MPM DoS
17739| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
17740| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
17741| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
17742| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
17743| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
17744| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
17745| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
17746| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
17747| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
17748| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
17749| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
17750| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
17751| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
17752| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
17753| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
17754| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
17755| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
17756| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
17757| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
17758| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
17759| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
17760| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
17761| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
17762| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
17763| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
17764| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
17765| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
17766| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
17767| [9208] Apache Tomcat .jsp Encoded Newline XSS
17768| [9204] Apache Tomcat ROOT Application XSS
17769| [9203] Apache Tomcat examples Application XSS
17770| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
17771| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
17772| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
17773| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
17774| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
17775| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
17776| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
17777| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
17778| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
17779| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
17780| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
17781| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
17782| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
17783| [7611] Apache HTTP Server mod_alias Local Overflow
17784| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
17785| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
17786| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
17787| [6882] Apache mod_python Malformed Query String Variant DoS
17788| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
17789| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
17790| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
17791| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
17792| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
17793| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
17794| [5526] Apache Tomcat Long .JSP URI Path Disclosure
17795| [5278] Apache Tomcat web.xml Restriction Bypass
17796| [5051] Apache Tomcat Null Character DoS
17797| [4973] Apache Tomcat servlet Mapping XSS
17798| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
17799| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
17800| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
17801| [4568] mod_survey For Apache ENV Tags SQL Injection
17802| [4553] Apache HTTP Server ApacheBench Overflow DoS
17803| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
17804| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
17805| [4383] Apache HTTP Server Socket Race Condition DoS
17806| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
17807| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
17808| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
17809| [4231] Apache Cocoon Error Page Server Path Disclosure
17810| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
17811| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
17812| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
17813| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
17814| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
17815| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
17816| [3322] mod_php for Apache HTTP Server Process Hijack
17817| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
17818| [2885] Apache mod_python Malformed Query String DoS
17819| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
17820| [2733] Apache HTTP Server mod_rewrite Local Overflow
17821| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
17822| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
17823| [2149] Apache::Gallery Privilege Escalation
17824| [2107] Apache HTTP Server mod_ssl Host: Header XSS
17825| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
17826| [1833] Apache HTTP Server Multiple Slash GET Request DoS
17827| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
17828| [872] Apache Tomcat Multiple Default Accounts
17829| [862] Apache HTTP Server SSI Error Page XSS
17830| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
17831| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
17832| [845] Apache Tomcat MSDOS Device XSS
17833| [844] Apache Tomcat Java Servlet Error Page XSS
17834| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
17835| [838] Apache HTTP Server Chunked Encoding Remote Overflow
17836| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
17837| [775] Apache mod_python Module Importing Privilege Function Execution
17838| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
17839| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
17840| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
17841| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
17842| [637] Apache HTTP Server UserDir Directive Username Enumeration
17843| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
17844| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
17845| [562] Apache HTTP Server mod_info /server-info Information Disclosure
17846| [561] Apache Web Servers mod_status /server-status Information Disclosure
17847| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
17848| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
17849| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
17850| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
17851| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
17852| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
17853| [376] Apache Tomcat contextAdmin Arbitrary File Access
17854| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
17855| [222] Apache HTTP Server test-cgi Arbitrary File Access
17856| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
17857| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
17858|_
139/tcp closed netbios-ssn
443/tcp open ssl/http Apache httpd
17861|_http-server-header: Apache
17862| vulscan: VulDB - https://vuldb.com:
17863| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
17864| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
17865| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
17866| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
17867| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
17868| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
17869| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
17870| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
17871| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
17872| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
17873| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
17874| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
17875| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
17876| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
17877| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
17878| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
17879| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
17880| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
17881| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
17882| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
17883| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
17884| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
17885| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
17886| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
17887| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
17888| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
17889| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
17890| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
17891| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
17892| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
17893| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
17894| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
17895| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
17896| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
17897| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
17898| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
17899| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
17900| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
17901| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
17902| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
17903| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
17904| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
17905| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
17906| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
17907| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
17908| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
17909| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
17910| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
17911| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
17912| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
17913| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
17914| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
17915| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
18318| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
18319| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
18320| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
18321| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
18322| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
18323| [107639] Apache NiFi 1.4.0 XML External Entity
18324| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
18325| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
18326| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
18327| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
18328| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
18329| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
18330| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
18331| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
18332| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
18684| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
18685| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
18686| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
18687| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
18688| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
18689| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
18690| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
18691| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
18692| [79791] Cisco Products Apache Commons Collections Library privilege escalation
18693| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
18694| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
18695| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
18696| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
18697| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
18698| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
18699| [78989] Apache Ambari up to 2.1.1 Open Redirect
18700| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
18701| [78987] Apache Ambari up to 2.0.x cross site scripting
18702| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
18703| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
18704| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
18705| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
18706| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
18707| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
18708| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
18709| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
18710| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
18711| [77406] Apache Flex BlazeDS AMF Message XML External Entity
18712| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
18713| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
18714| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
18715| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
18716| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
18717| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
18718| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
18719| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
18720| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
18721| [76567] Apache Struts 2.3.20 unknown vulnerability
18722| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
18723| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
18724| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
18725| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
18726| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
18727| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
18728| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
18729| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
18730| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
18731| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
18732| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
18733| [74793] Apache Tomcat File Upload denial of service
18734| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
18735| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
18736| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
18737| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
18738| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
18739| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
18740| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
18741| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
18742| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
18743| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
18744| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
18745| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
18746| [74468] Apache Batik up to 1.6 denial of service
18747| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
18748| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
18749| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
18750| [74174] Apache WSS4J up to 2.0.0 privilege escalation
18751| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
18752| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
18753| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
18754| [73731] Apache XML Security unknown vulnerability
18755| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
18756| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
18757| [73593] Apache Traffic Server up to 5.1.0 denial of service
18758| [73511] Apache POI up to 3.10 Deadlock denial of service
18759| [73510] Apache Solr up to 4.3.0 cross site scripting
18760| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
18761| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
18762| [73173] Apache CloudStack Stack-Based unknown vulnerability
18763| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
18764| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
18765| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
18766| [72890] Apache Qpid 0.30 unknown vulnerability
18767| [72887] Apache Hive 0.13.0 File Permission privilege escalation
18768| [72878] Apache Cordova 3.5.0 cross site request forgery
18769| [72877] Apache Cordova 3.5.0 cross site request forgery
18770| [72876] Apache Cordova 3.5.0 cross site request forgery
18771| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
18772| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
18773| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
18774| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
18775| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
18776| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
18777| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
18778| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
18779| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
18780| [71629] Apache Axis2/C spoofing
18781| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
18782| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
18783| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
18784| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
18785| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
18786| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
18787| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
18788| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
18789| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
18790| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
18791| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
18792| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
18793| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
18794| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
18795| [70809] Apache POI up to 3.11 Crash denial of service
18796| [70808] Apache POI up to 3.10 unknown vulnerability
18797| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
18798| [70749] Apache Axis up to 1.4 getCN spoofing
18799| [70701] Apache Traffic Server up to 3.3.5 denial of service
18800| [70700] Apache OFBiz up to 12.04.03 cross site scripting
18801| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
18802| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
18803| [70661] Apache Subversion up to 1.6.17 denial of service
18804| [70660] Apache Subversion up to 1.6.17 spoofing
18805| [70659] Apache Subversion up to 1.6.17 spoofing
18806| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
18807| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
18808| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
18809| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
18810| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
18811| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
18812| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
18813| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
18814| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
18815| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
18816| [69846] Apache HBase up to 0.94.8 information disclosure
18817| [69783] Apache CouchDB up to 1.2.0 memory corruption
18818| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
18819| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
18820| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
18821| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
18822| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
18823| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
18824| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
18825| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
18826| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
18827| [69431] Apache Archiva up to 1.3.6 cross site scripting
18828| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
18829| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
18830| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
18831| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
18832| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
18833| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
18834| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
18835| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
18836| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
18837| [66739] Apache Camel up to 2.12.2 unknown vulnerability
18838| [66738] Apache Camel up to 2.12.2 unknown vulnerability
18839| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
18840| [66695] Apache CouchDB up to 1.2.0 cross site scripting
18841| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
18842| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
18843| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
18844| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
18845| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
18846| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
18847| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
18848| [66356] Apache Wicket up to 6.8.0 information disclosure
18849| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
18850| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
18851| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
18852| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
18853| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
18854| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
18855| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
18856| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
18857| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
18858| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
18859| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
18860| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
18861| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
18862| [65668] Apache Solr 4.0.0 Updater denial of service
18863| [65665] Apache Solr up to 4.3.0 denial of service
18864| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
18865| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
18866| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
18867| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
18868| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
18869| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
18870| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
18871| [65410] Apache Struts 2.3.15.3 cross site scripting
18872| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
18873| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
18874| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
18875| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
18876| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
18877| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
18878| [65340] Apache Shindig 2.5.0 information disclosure
18879| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
18880| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
18881| [10826] Apache Struts 2 File privilege escalation
18882| [65204] Apache Camel up to 2.10.1 unknown vulnerability
18883| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
18884| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
18885| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
18886| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
18887| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
18888| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
18889| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
18890| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
18891| [64722] Apache XML Security for C++ Heap-based memory corruption
18892| [64719] Apache XML Security for C++ Heap-based memory corruption
18893| [64718] Apache XML Security for C++ verify denial of service
18894| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
18895| [64716] Apache XML Security for C++ spoofing
18896| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
18897| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
18898| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
18899| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
18900| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
18901| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
18902| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
18903| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
18904| [64485] Apache Struts up to 2.2.3.0 privilege escalation
18905| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
18906| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
18907| [64467] Apache Geronimo 3.0 memory corruption
18908| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
18909| [64457] Apache Struts up to 2.2.3.0 cross site scripting
18910| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
18911| [9184] Apache Qpid up to 0.20 SSL misconfiguration
18912| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
18913| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
18914| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
18915| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
18916| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
18917| [8873] Apache Struts 2.3.14 privilege escalation
18918| [8872] Apache Struts 2.3.14 privilege escalation
18919| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
18920| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
18921| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
18922| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
18923| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
18924| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
18925| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
18926| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
18927| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
18928| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
18929| [64006] Apache ActiveMQ up to 5.7.0 denial of service
18930| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
18931| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
18932| [8427] Apache Tomcat Session Transaction weak authentication
18933| [63960] Apache Maven 3.0.4 Default Configuration spoofing
18934| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
18935| [63750] Apache qpid up to 0.20 checkAvailable denial of service
18936| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
18937| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
18938| [63747] Apache Rave up to 0.20 User Account information disclosure
18939| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
18940| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
18941| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
18942| [7687] Apache CXF up to 2.7.2 Token weak authentication
18943| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
18944| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
18945| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
18946| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
18947| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
18948| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
18949| [63090] Apache Tomcat up to 4.1.24 denial of service
18950| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
18951| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
18952| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
18953| [62833] Apache CXF -/2.6.0 spoofing
18954| [62832] Apache Axis2 up to 1.6.2 spoofing
18955| [62831] Apache Axis up to 1.4 Java Message Service spoofing
18956| [62830] Apache Commons-httpclient 3.0 Payments spoofing
18957| [62826] Apache Libcloud up to 0.11.0 spoofing
18958| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
18959| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
18960| [62661] Apache Axis2 unknown vulnerability
18961| [62658] Apache Axis2 unknown vulnerability
18962| [62467] Apache Qpid up to 0.17 denial of service
18963| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
18964| [6301] Apache HTTP Server mod_pagespeed cross site scripting
18965| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
18966| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
18967| [62035] Apache Struts up to 2.3.4 denial of service
18968| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
18969| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
18970| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
18971| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
18972| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
18973| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
18974| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
18975| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
18976| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
18977| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
18978| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
18979| [61229] Apache Sling up to 2.1.1 denial of service
18980| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
18981| [61094] Apache Roller up to 5.0 cross site scripting
18982| [61093] Apache Roller up to 5.0 cross site request forgery
18983| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
18984| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
18985| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
18986| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
18987| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
18988| [60708] Apache Qpid 0.12 unknown vulnerability
18989| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
18990| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
18991| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
18992| [4882] Apache Wicket up to 1.5.4 directory traversal
18993| [4881] Apache Wicket up to 1.4.19 cross site scripting
18994| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
18995| [60352] Apache Struts up to 2.2.3 memory corruption
18996| [60153] Apache Portable Runtime up to 1.4.3 denial of service
18997| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
18998| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
18999| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
19000| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
19001| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
19002| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
19003| [4571] Apache Struts up to 2.3.1.2 privilege escalation
19004| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
19005| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
19006| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
19007| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
19008| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
19009| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
19010| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
19011| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
19012| [59888] Apache Tomcat up to 6.0.6 denial of service
19013| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
19014| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
19015| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
19016| [59850] Apache Geronimo up to 2.2.1 denial of service
19017| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
19018| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
19019| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
19020| [58413] Apache Tomcat up to 6.0.10 spoofing
19021| [58381] Apache Wicket up to 1.4.17 cross site scripting
19022| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
19023| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
19024| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
19025| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
19026| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
19027| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
19028| [57568] Apache Archiva up to 1.3.4 cross site scripting
19029| [57567] Apache Archiva up to 1.3.4 cross site request forgery
19030| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
19031| [4355] Apache HTTP Server APR apr_fnmatch denial of service
19032| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
19033| [57425] Apache Struts up to 2.2.1.1 cross site scripting
19034| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
19035| [57025] Apache Tomcat up to 7.0.11 information disclosure
19036| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
19037| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
19038| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
19039| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
19040| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
19041| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
19042| [56512] Apache Continuum up to 1.4.0 cross site scripting
19043| [4285] Apache Tomcat 5.x JVM getLocale denial of service
19044| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
19045| [4283] Apache Tomcat 5.x ServletContect privilege escalation
19046| [56441] Apache Tomcat up to 7.0.6 denial of service
19047| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
19048| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
19049| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
19050| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
19051| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
19052| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
19053| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
19054| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
19055| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
19056| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
19057| [54693] Apache Traffic Server DNS Cache unknown vulnerability
19058| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
19059| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
19060| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
19061| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
19062| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
19063| [54012] Apache Tomcat up to 6.0.10 denial of service
19064| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
19065| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
19066| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
19067| [52894] Apache Tomcat up to 6.0.7 information disclosure
19068| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
19069| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
19070| [52786] Apache Open For Business Project up to 09.04 cross site scripting
19071| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
19072| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
19073| [52584] Apache CouchDB up to 0.10.1 information disclosure
19074| [51757] Apache HTTP Server 2.0.44 cross site scripting
19075| [51756] Apache HTTP Server 2.0.44 spoofing
19076| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
19077| [51690] Apache Tomcat up to 6.0 directory traversal
19078| [51689] Apache Tomcat up to 6.0 information disclosure
19079| [51688] Apache Tomcat up to 6.0 directory traversal
19080| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
19081| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
19082| [50626] Apache Solr 1.0.0 cross site scripting
19083| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
19084| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
19085| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
19086| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
19087| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
19088| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
19089| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
19090| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
19091| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
19092| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
19093| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
19094| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
19095| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
19096| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
19097| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
19098| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
19099| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
19100| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
19101| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
19102| [47214] Apachefriends xampp 1.6.8 spoofing
19103| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
19104| [47162] Apachefriends XAMPP 1.4.4 weak authentication
19105| [47065] Apache Tomcat 4.1.23 cross site scripting
19106| [46834] Apache Tomcat up to 5.5.20 cross site scripting
19107| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
19108| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
19109| [86625] Apache Struts directory traversal
19110| [44461] Apache Tomcat up to 5.5.0 information disclosure
19111| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
19112| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
19113| [43663] Apache Tomcat up to 6.0.16 directory traversal
19114| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
19115| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
19116| [43516] Apache Tomcat up to 4.1.20 directory traversal
19117| [43509] Apache Tomcat up to 6.0.13 cross site scripting
19118| [42637] Apache Tomcat up to 6.0.16 cross site scripting
19119| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
19120| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
19121| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
19122| [40924] Apache Tomcat up to 6.0.15 information disclosure
19123| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
19124| [40922] Apache Tomcat up to 6.0 information disclosure
19125| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
19126| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
19127| [40656] Apache Tomcat 5.5.20 information disclosure
19128| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
19129| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
19130| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
19131| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
19132| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
19133| [40234] Apache Tomcat up to 6.0.15 directory traversal
19134| [40221] Apache HTTP Server 2.2.6 information disclosure
19135| [40027] David Castro Apache Authcas 0.4 sql injection
19136| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
19137| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
19138| [3414] Apache Tomcat WebDAV Stored privilege escalation
19139| [39489] Apache Jakarta Slide up to 2.1 directory traversal
19140| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
19141| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
19142| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
19143| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
19144| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
19145| [38524] Apache Geronimo 2.0 unknown vulnerability
19146| [3256] Apache Tomcat up to 6.0.13 cross site scripting
19147| [38331] Apache Tomcat 4.1.24 information disclosure
19148| [38330] Apache Tomcat 4.1.24 information disclosure
19149| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
19150| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
19151| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
19152| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
19153| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
19154| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
19155| [37292] Apache Tomcat up to 5.5.1 cross site scripting
19156| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
19157| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
19158| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
19159| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
19160| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
19161| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
19162| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
19163| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
19164| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
19165| [36225] XAMPP Apache Distribution 1.6.0a sql injection
19166| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
19167| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
19168| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
19169| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
19170| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
19171| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
19172| [34252] Apache HTTP Server denial of service
19173| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
19174| [33877] Apache Opentaps 0.9.3 cross site scripting
19175| [33876] Apache Open For Business Project unknown vulnerability
19176| [33875] Apache Open For Business Project cross site scripting
19177| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
19178| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
19179|
19180| MITRE CVE - https://cve.mitre.org:
19181| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
19182| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
19183| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
19184| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
19185| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
19186| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
19187| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
19188| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
19189| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
19190| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
19191| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
19192| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
19193| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
19194| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
19195| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
19196| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
19197| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
19198| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
19199| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
19200| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
19201| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
19202| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
19203| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
19204| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
19205| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
19206| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
19207| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
19208| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
19209| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
19210| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
19211| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19212| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
19213| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
19214| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
19215| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
19216| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
19217| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
19218| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
19219| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
19220| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
19221| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
19222| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
19223| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
19224| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
19225| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
19226| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
19227| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
19228| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
19229| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
19230| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
19231| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
19232| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
19233| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
19234| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
19235| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
19236| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
19237| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
19238| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
19239| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
19240| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
19241| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
19242| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
19243| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
19244| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
19245| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19246| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
19247| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
19248| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
19249| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
19250| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
19251| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
19252| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
19253| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
19254| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
19255| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
19256| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
19257| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
19258| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
19259| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
19260| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
19261| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
19262| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
19263| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
19264| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
19265| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
19266| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
19267| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
19268| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
19269| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
19270| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
19271| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
19272| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
19273| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
19274| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
19275| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
19276| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
19277| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
19278| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
19279| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
19280| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
19281| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
19282| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
19283| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
19284| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
19285| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
19286| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
19287| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
19288| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
19289| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
19290| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
19291| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
19292| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
19293| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
19294| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
19295| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
19296| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
19297| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
19298| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
19299| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
19300| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
19301| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
19302| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
19303| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
19304| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
19305| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
19306| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
19307| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
19308| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
19309| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
19310| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
19311| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
19312| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
19313| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
19314| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
19315| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
19316| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
19317| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
19318| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
19319| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
19320| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
19321| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
19322| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
19323| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
19324| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
19325| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
19326| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
19327| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
19328| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
19329| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
19330| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
19331| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
19332| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
19333| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
19334| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
19335| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
19336| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
19337| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
19338| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
19339| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
19340| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
19341| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
19342| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
19343| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
19344| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19345| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
19346| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
19347| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
19348| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
19349| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
19452| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
19453| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
19454| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
19455| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
19456| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
19457| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
19458| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
19459| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
19460| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
19461| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
19462| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
19463| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
19464| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
19465| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
19466| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
19467| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
19468| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
19469| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
19470| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
19471| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
19472| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
19473| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
19474| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
19475| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
19476| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
19477| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
19478| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
19479| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
19480| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
19481| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
19482| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
19483| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
19484| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
19485| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
19486| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19487| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
19488| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
19489| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
19490| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
19491| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
19492| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
19493| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
19494| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
19495| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
19496| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
19497| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
19498| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
19499| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
19500| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19501| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
19502| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
19503| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
19504| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
19505| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
19506| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
19507| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
19508| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
19509| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
19510| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
19511| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
19512| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
19513| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
19514| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
19515| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
19516| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
19517| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
19518| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
19519| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
19520| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
19521| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
19522| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
19523| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
19524| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
19525| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
19526| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
19527| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
19528| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
19529| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
19530| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
19531| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
19532| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
19533| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
19534| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
19535| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
19536| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
19537| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
19538| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
19539| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
19540| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
19541| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
19542| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
19543| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
19544| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
19545| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
19546| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
19547| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
19548| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
19549| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
19550| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
19551| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
19552| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
19553| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
19554| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
19555| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
19556| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
19557| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
19558| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
19559| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
19560| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
19561| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
19562| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
19563| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
19564| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
19565| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
19566| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
19567| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
19568| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
19569| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
19570| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
19571| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
19572| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
19573| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
19574| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
19575| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
19576| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
19577| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
19578| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
19579| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
19580| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
19581| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
19582| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
19583| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
19584| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
19585| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
19586| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
19587| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
19588| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
19589| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
19590| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
19591| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
19592| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
19593| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
19594| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
19595| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
19596| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
19597| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
19598| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
19599| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
19600| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
19601| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
19602| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
19603| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
19604| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
19605| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
19606| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
19607| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
19608| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
19609| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
19610| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
19611| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
19612| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
19613| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
19614| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
19615| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
19616| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
19617| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
19618| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
19619| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
19620| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
19621| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
19622| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
19623| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
19624| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
19625| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
19626| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
19627| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
19628| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
19629| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
19630| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
19631| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
19632| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
19633| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
19634| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
19635| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
19636| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
19637| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
19638| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
19639| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
19640| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
19641| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
19642| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
19643| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
19644| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
19645| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
19646| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
19647| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
19648| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
19649| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
19650| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
19651| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
19652| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
19653| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
19654| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
19655| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
19656| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
19657| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
19658| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
19659| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
19660| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
19661| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
19662| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
19663| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
19664| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
19665| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
19666| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
19667| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
19668| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
19669| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
19670| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
19671| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
19672| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
19673| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
19674| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
19675| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
19676| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
19677| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
19678| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
19679| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
19680| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
19681| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
19682| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
19683| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
19684| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
19685| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
19686| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
19687| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
19688| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
19689| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
19690| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
19691| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
19692| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
19693| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
19694| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
19695| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
19696| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
19697| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
19698| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
19699| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
19700| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
19701| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
19702| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
19703| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
19704| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
19705| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
19706| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
19707| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
19708| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
19709| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
19710| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
19711| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
19712| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
19713| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
19714| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
19715| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
19716| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
19717| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
19718| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
19719| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
19720| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
19721| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
19722| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
19723| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
19724| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
19725| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
19726| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
19727| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
19728| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
19729| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
19730| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
19731| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
19732| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
19733| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
19734| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
19735| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
19736| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
19737| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
19738| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
19739| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
19740| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
19741| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
19742| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
19743| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
19744| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
19745| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
19746| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
19747| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
19748| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
19749| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
19750| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
19751| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
19752| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
19753| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
19754| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
19755| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
19756| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
19757| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
19758| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
19759| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
19760| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
19761| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
19762| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
19763| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
19764| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
19765| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
19766| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
19767| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
19768| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
19769| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
19770| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
19771| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
19772| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
19773| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
19774| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
19775| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
19776| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
19777| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
19778| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
19779| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
19780| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
19781| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
19782| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
19783| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
19784| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
19785| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
19786| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
19787| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
19788| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
19789| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
19790|
19791| SecurityFocus - https://www.securityfocus.com/bid/:
19792| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
19793| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
19794| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
19795| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
19796| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
19797| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
19798| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
19799| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
19800| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
19801| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
19802| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
19803| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
19804| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
19805| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
19806| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
19807| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
19808| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
19809| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
19810| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
19811| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
19812| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
19813| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
19814| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
19815| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
19816| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
19817| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
19818| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
19819| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
19820| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
19821| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
19822| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
19823| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
19824| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
19825| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
19826| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
19827| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
19828| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
19829| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
19830| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
19831| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
19832| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
19833| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
19834| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
19835| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
19836| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
19837| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
19838| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
19839| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
19840| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
19841| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
19842| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
19843| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
19844| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
19845| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
19846| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
19847| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
19848| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
19849| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
19850| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
19851| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
19852| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
19853| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
19854| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
19855| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
19856| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
19857| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
19858| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
19859| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
19860| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
19861| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
19862| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
19863| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
19864| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
19865| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
19866| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
19867| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
19868| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
19869| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
19870| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
19871| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
19872| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
19873| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
19874| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
19875| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
19876| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
19877| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
19878| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
19879| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
19880| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
19881| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
19882| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
19883| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
19884| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
19885| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
19886| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
19887| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
19888| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
19889| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
19890| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
19891| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
19892| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
19893| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
19894| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
19895| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
19896| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
19897| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
19898| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
19899| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
19900| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
19901| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
19902| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
19903| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
19904| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
19905| [100447] Apache2Triad Multiple Security Vulnerabilities
19906| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
19907| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
19908| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
19909| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
19910| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
19911| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
19912| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
19913| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
19914| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
19915| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
19916| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
19917| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
19918| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
19919| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
19920| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
19921| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
19922| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
19923| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
19924| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
19925| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
19926| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
19927| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
19928| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
19929| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
19930| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
19931| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
19932| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
19933| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
19934| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
19935| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
19936| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
19937| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
19938| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
19939| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
19940| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
19941| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
19942| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
19943| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
19944| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
19945| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
19946| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
19947| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
19948| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
19949| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
19950| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
19951| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
19952| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
19953| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
19954| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
19955| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
19956| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
19957| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
19958| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
19959| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
19960| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
19961| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
19962| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
19963| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
19964| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
19965| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
19966| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
19967| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
19968| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
19969| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
19970| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
19971| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
19972| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
19973| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
19974| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
19975| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
19976| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
19977| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
19978| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
19979| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
19980| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
19981| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
19982| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
19983| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
19984| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
19985| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
19986| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
19987| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
19988| [95675] Apache Struts Remote Code Execution Vulnerability
19989| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
19990| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
19991| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
19992| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
19993| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
19994| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
19995| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
19996| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
19997| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
19998| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
19999| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
20000| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
20001| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
20002| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
20003| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
20004| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
20005| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
20006| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
20007| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
20008| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
20009| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
20010| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
20011| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
20012| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
20013| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
20014| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
20015| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
20016| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
20017| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
20018| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
20019| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
20020| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
20021| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
20022| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
20023| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
20024| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
20025| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
20026| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
20027| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
20028| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
20029| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
20030| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
20031| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
20032| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
20033| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
20034| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
20035| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
20036| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
20037| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
20038| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
20039| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
20040| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
20041| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
20042| [91736] Apache XML-RPC Multiple Security Vulnerabilities
20043| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
20044| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
20045| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
20046| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
20047| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
20048| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
20049| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
20050| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
20051| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
20052| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
20053| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
20054| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
20055| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
20056| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
20057| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
20058| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
20059| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
20060| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
20061| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
20062| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
20063| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
20064| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
20065| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
20066| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
20067| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
20068| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
20069| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
20070| [90482] Apache CVE-2004-1387 Local Security Vulnerability
20071| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
20072| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
20073| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
20074| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
20075| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
20076| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
20077| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
20078| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
20079| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
20080| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
20081| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
20082| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
20083| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
20084| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
20085| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
20086| [86399] Apache CVE-2007-1743 Local Security Vulnerability
20087| [86397] Apache CVE-2007-1742 Local Security Vulnerability
20088| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
20089| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
20090| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
20091| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
20092| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
20093| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
20094| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
20095| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
20096| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
20097| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
20098| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
20099| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
20100| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
20101| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
20102| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
20103| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
20104| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
20105| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
20106| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
20107| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
20108| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
20109| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
20110| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
20111| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
20112| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
20113| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
20114| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
20115| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
20116| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
20117| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
20118| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
20119| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
20120| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
20121| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
20122| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
20123| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
20124| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
20125| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
20126| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
20127| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
20128| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
20129| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
20130| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
20131| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
20132| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
20133| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
20134| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
20135| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
20136| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
20137| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
20138| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
20139| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
20140| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
20141| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
20142| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
20143| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
20144| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
20145| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
20146| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
20147| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
20148| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
20149| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
20150| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
20151| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
20152| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
20153| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
20154| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
20155| [76933] Apache James Server Unspecified Command Execution Vulnerability
20156| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
20157| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
20158| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
20159| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
20160| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
20161| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
20162| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
20163| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
20164| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
20165| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
20166| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
20167| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
20168| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
20169| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
20170| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
20171| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
20172| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
20173| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
20174| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
20175| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
20176| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
20177| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
20178| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
20179| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
20180| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
20181| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
20182| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
20183| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
20184| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
20185| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
20186| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
20187| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
20188| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
20189| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
20190| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
20191| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
20192| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
20193| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
20194| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
20195| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
20196| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
20197| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
20198| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
20199| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
20200| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
20201| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
20202| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
20203| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
20204| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
20205| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
20206| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
20207| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
20208| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
20209| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
20210| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
20211| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
20212| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
20213| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
20214| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
20215| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
20216| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
20217| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
20218| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
20219| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
20220| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
20221| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
20222| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
20223| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
20224| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
20225| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
20226| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
20227| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
20228| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
20229| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
20230| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
20231| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
20232| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
20233| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
20234| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
20235| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
20236| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
20237| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
20238| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
20239| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
20240| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
20241| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
20242| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
20243| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
20244| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
20245| [68229] Apache Harmony PRNG Entropy Weakness
20246| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
20247| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
20248| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
20249| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
20250| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
20251| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
20252| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
20253| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
20254| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
20255| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
20256| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
20257| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
20258| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
20259| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
20260| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
20261| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
20262| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
20263| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
20264| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
20265| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
20266| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
20267| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
20268| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
20269| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
20270| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
20271| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
20272| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
20273| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
20274| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
20275| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
20276| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
20277| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
20278| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
20279| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
20280| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
20281| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
20282| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
20283| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
20284| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
20285| [64780] Apache CloudStack Unauthorized Access Vulnerability
20286| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
20287| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
20288| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
20289| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
20290| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
20291| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
20292| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
20293| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
20294| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
20295| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
20296| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
20297| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
20298| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
20299| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
20300| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
20301| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
20302| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
20303| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
20304| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
20305| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
20306| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
20307| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
20308| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
20309| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
20310| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
20311| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
20312| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
20313| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
20314| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
20315| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
20316| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
20317| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
20318| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
20319| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
20320| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
20321| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
20322| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
20323| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
20324| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
20325| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
20326| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
20327| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
20328| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
20329| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
20330| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
20331| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
20332| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
20333| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
20334| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
20335| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
20336| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
20337| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
20338| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
20339| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
20340| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
20341| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
20342| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
20343| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
20344| [59670] Apache VCL Multiple Input Validation Vulnerabilities
20345| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
20346| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
20347| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
20348| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
20349| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
20350| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
20351| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
20352| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
20353| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
20354| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
20355| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
20356| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
20357| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
20358| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
20359| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
20360| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
20361| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
20362| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
20363| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
20364| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
20365| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
20366| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
20367| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
20368| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
20369| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
20370| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
20371| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
20372| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
20373| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
20374| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
20375| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
20376| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
20377| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
20378| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
20379| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
20380| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
20381| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
20382| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
20383| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
20384| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
20385| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
20386| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
20387| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
20388| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
20389| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
20390| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
20391| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
20392| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
20393| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
20394| [54798] Apache Libcloud Man In The Middle Vulnerability
20395| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
20396| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
20397| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
20398| [54189] Apache Roller Cross Site Request Forgery Vulnerability
20399| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
20400| [53880] Apache CXF Child Policies Security Bypass Vulnerability
20401| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
20402| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
20403| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
20404| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
20405| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
20406| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
20407| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
20408| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
20409| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
20410| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
20411| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
20412| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
20413| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
20414| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
20415| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
20416| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
20417| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
20418| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
20419| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
20420| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
20421| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
20422| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
20423| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
20424| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
20425| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
20426| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
20427| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
20428| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
20429| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
20430| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
20431| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
20432| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
20433| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
20434| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
20435| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
20436| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
20437| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
20438| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
20920| [72438] Apache Tomcat Digest security bypass
20921| [72437] Apache Tomcat Digest security bypass
20922| [72436] Apache Tomcat DIGEST security bypass
20923| [72425] Apache Tomcat parameter denial of service
20924| [72422] Apache Tomcat request object information disclosure
20925| [72377] Apache HTTP Server scoreboard security bypass
20926| [72345] Apache HTTP Server HTTP request denial of service
20927| [72229] Apache Struts ExceptionDelegator command execution
20928| [72089] Apache Struts ParameterInterceptor directory traversal
20929| [72088] Apache Struts CookieInterceptor command execution
20930| [72047] Apache Geronimo hash denial of service
20931| [72016] Apache Tomcat hash denial of service
20932| [71711] Apache Struts OGNL expression code execution
20933| [71654] Apache Struts interfaces security bypass
20934| [71620] Apache ActiveMQ failover denial of service
20935| [71617] Apache HTTP Server mod_proxy module information disclosure
20936| [71508] Apache MyFaces EL security bypass
20937| [71445] Apache HTTP Server mod_proxy security bypass
20938| [71203] Apache Tomcat servlets privilege escalation
20939| [71181] Apache HTTP Server ap_pregsub() denial of service
20940| [71093] Apache HTTP Server ap_pregsub() buffer overflow
20941| [70336] Apache HTTP Server mod_proxy information disclosure
20942| [69804] Apache HTTP Server mod_proxy_ajp denial of service
20943| [69472] Apache Tomcat AJP security bypass
20944| [69396] Apache HTTP Server ByteRange filter denial of service
20945| [69394] Apache Wicket multi window support cross-site scripting
20946| [69176] Apache Tomcat XML information disclosure
20947| [69161] Apache Tomcat jsvc information disclosure
20948| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
20949| [68541] Apache Tomcat sendfile information disclosure
20950| [68420] Apache XML Security denial of service
20951| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
21387| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
21388| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
21389| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
21390| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
21391| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
21392| [29859] Apache Roller OGNL Injection
21393| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
21394| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
21395| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
21396| [29290] Apache / PHP 5.x Remote Code Execution Exploit
21397| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
21398| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
21399| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
21400| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
21401| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
21402| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
21403| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
21404| [27096] Apache Geronimo 1.0 Error Page XSS
21405| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
21406| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
21407| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
21408| [25986] Plesk Apache Zeroday Remote Exploit
21409| [25980] Apache Struts includeParams Remote Code Execution
21410| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
21411| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
21412| [24874] Apache Struts ParametersInterceptor Remote Code Execution
21413| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
21414| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
21415| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
21416| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
21417| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
21418| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
21419| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
21420| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
21421| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
21422| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
21423| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
21424| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
21425| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
21426| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
21427| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
21428| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
21429| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
21430| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
21431| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
21432| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
21433| [21719] Apache 2.0 Path Disclosure Vulnerability
21434| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
21435| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
21436| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
21437| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
21438| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
21439| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
21440| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
21441| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
21442| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
21443| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
21444| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
21445| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
21446| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
21447| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
21448| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
21449| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
21450| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
21451| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
21452| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
21453| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
21454| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
21455| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
21456| [20558] Apache 1.2 Web Server DoS Vulnerability
21457| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
21458| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
21459| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
21460| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
21461| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
21462| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
21463| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
21464| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
21465| [19231] PHP apache_request_headers Function Buffer Overflow
21466| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
21467| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
21468| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
21469| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
21470| [18442] Apache httpOnly Cookie Disclosure
21471| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
21472| [18221] Apache HTTP Server Denial of Service
21473| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
21474| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
21475| [17691] Apache Struts < 2.2.0 - Remote Command Execution
21476| [16798] Apache mod_jk 1.2.20 Buffer Overflow
21477| [16782] Apache Win32 Chunked Encoding
21478| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
21479| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
21480| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
21481| [15319] Apache 2.2 (Windows) Local Denial of Service
21482| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
21483| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
21484| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
21485| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
21486| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
21487| [12330] Apache OFBiz - Multiple XSS
21488| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
21489| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
21490| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
21491| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
21492| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
21493| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
21494| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
21495| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
21496| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
21497| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
21498| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
21499| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
21500| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
21501| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
21502| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
21503| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
21504| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
21505| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
21506| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
21507| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
21508| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
21509| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
21510| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
21511| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
21512| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
21513| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
21514| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
21515| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
21516| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
21517| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
21518| [466] htpasswd Apache 1.3.31 - Local Exploit
21519| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
21520| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
21521| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
21522| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
21523| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
21524| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
21525| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
21526| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
21527| [9] Apache HTTP Server 2.x Memory Leak Exploit
21528|
21529| OpenVAS (Nessus) - http://www.openvas.org:
21530| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
21531| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
21532| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
21533| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
21534| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
21535| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
21536| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
21537| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
21538| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
21539| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
21540| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
21541| [900571] Apache APR-Utils Version Detection
21542| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
21543| [900496] Apache Tiles Multiple XSS Vulnerability
21544| [900493] Apache Tiles Version Detection
21545| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
21546| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
21547| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
21548| [870175] RedHat Update for apache RHSA-2008:0004-01
21549| [864591] Fedora Update for apache-poi FEDORA-2012-10835
21550| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
21551| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
21552| [864250] Fedora Update for apache-poi FEDORA-2012-7683
21553| [864249] Fedora Update for apache-poi FEDORA-2012-7686
21554| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
21555| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
21556| [855821] Solaris Update for Apache 1.3 122912-19
21557| [855812] Solaris Update for Apache 1.3 122911-19
21558| [855737] Solaris Update for Apache 1.3 122911-17
21559| [855731] Solaris Update for Apache 1.3 122912-17
21560| [855695] Solaris Update for Apache 1.3 122911-16
21561| [855645] Solaris Update for Apache 1.3 122912-16
21562| [855587] Solaris Update for kernel update and Apache 108529-29
21563| [855566] Solaris Update for Apache 116973-07
21564| [855531] Solaris Update for Apache 116974-07
21565| [855524] Solaris Update for Apache 2 120544-14
21566| [855494] Solaris Update for Apache 1.3 122911-15
21567| [855478] Solaris Update for Apache Security 114145-11
21568| [855472] Solaris Update for Apache Security 113146-12
21569| [855179] Solaris Update for Apache 1.3 122912-15
21570| [855147] Solaris Update for kernel update and Apache 108528-29
21571| [855077] Solaris Update for Apache 2 120543-14
21572| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
21573| [850088] SuSE Update for apache2 SUSE-SA:2007:061
21574| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
21575| [841209] Ubuntu Update for apache2 USN-1627-1
21576| [840900] Ubuntu Update for apache2 USN-1368-1
21577| [840798] Ubuntu Update for apache2 USN-1259-1
21578| [840734] Ubuntu Update for apache2 USN-1199-1
21579| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
21580| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
21581| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
21582| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
21583| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
21584| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
21585| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
21586| [835253] HP-UX Update for Apache Web Server HPSBUX02645
21587| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
21588| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
21589| [835236] HP-UX Update for Apache with PHP HPSBUX02543
21590| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
21591| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
21592| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
21593| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
21594| [835188] HP-UX Update for Apache HPSBUX02308
21595| [835181] HP-UX Update for Apache With PHP HPSBUX02332
21596| [835180] HP-UX Update for Apache with PHP HPSBUX02342
21597| [835172] HP-UX Update for Apache HPSBUX02365
21598| [835168] HP-UX Update for Apache HPSBUX02313
21599| [835148] HP-UX Update for Apache HPSBUX01064
21600| [835139] HP-UX Update for Apache with PHP HPSBUX01090
21601| [835131] HP-UX Update for Apache HPSBUX00256
21602| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
21603| [835104] HP-UX Update for Apache HPSBUX00224
21604| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
21605| [835101] HP-UX Update for Apache HPSBUX01232
21606| [835080] HP-UX Update for Apache HPSBUX02273
21607| [835078] HP-UX Update for ApacheStrong HPSBUX00255
21608| [835044] HP-UX Update for Apache HPSBUX01019
21609| [835040] HP-UX Update for Apache PHP HPSBUX00207
21610| [835025] HP-UX Update for Apache HPSBUX00197
21611| [835023] HP-UX Update for Apache HPSBUX01022
21612| [835022] HP-UX Update for Apache HPSBUX02292
21613| [835005] HP-UX Update for Apache HPSBUX02262
21614| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
21615| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
21616| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
21617| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
21618| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
21619| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
21620| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
21621| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
21622| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
21623| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
21624| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
21625| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
21626| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
21627| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
21628| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
21629| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
21630| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
21631| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
21632| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
21633| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
21634| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
21635| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
21636| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
21637| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
21638| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
21639| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
21640| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
21641| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
21642| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
21643| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
21644| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
21645| [801942] Apache Archiva Multiple Vulnerabilities
21646| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
21647| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
21648| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
21649| [801284] Apache Derby Information Disclosure Vulnerability
21650| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
21651| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
21652| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
21653| [800680] Apache APR Version Detection
21654| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
21655| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
21656| [800677] Apache Roller Version Detection
21657| [800279] Apache mod_jk Module Version Detection
21658| [800278] Apache Struts Cross Site Scripting Vulnerability
21659| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
21660| [800276] Apache Struts Version Detection
21661| [800271] Apache Struts Directory Traversal Vulnerability
21662| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
21663| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
21664| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
21665| [103122] Apache Web Server ETag Header Information Disclosure Weakness
21666| [103074] Apache Continuum Cross Site Scripting Vulnerability
21667| [103073] Apache Continuum Detection
21668| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
21669| [101023] Apache Open For Business Weak Password security check
21670| [101020] Apache Open For Business HTML injection vulnerability
21671| [101019] Apache Open For Business service detection
21672| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
21673| [100923] Apache Archiva Detection
21674| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
21675| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
21676| [100813] Apache Axis2 Detection
21677| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
21678| [100795] Apache Derby Detection
21679| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
21680| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
21681| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
21682| [100514] Apache Multiple Security Vulnerabilities
21683| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
21684| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
21685| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
21686| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
21687| [72626] Debian Security Advisory DSA 2579-1 (apache2)
21688| [72612] FreeBSD Ports: apache22
21689| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
21690| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
21691| [71512] FreeBSD Ports: apache
21692| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
21693| [71256] Debian Security Advisory DSA 2452-1 (apache2)
21694| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
21695| [70737] FreeBSD Ports: apache
21696| [70724] Debian Security Advisory DSA 2405-1 (apache2)
21697| [70600] FreeBSD Ports: apache
21698| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
21699| [70235] Debian Security Advisory DSA 2298-2 (apache2)
21700| [70233] Debian Security Advisory DSA 2298-1 (apache2)
21701| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
21702| [69338] Debian Security Advisory DSA 2202-1 (apache2)
21703| [67868] FreeBSD Ports: apache
21704| [66816] FreeBSD Ports: apache
21705| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
21706| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
21707| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
21708| [66081] SLES11: Security update for Apache 2
21709| [66074] SLES10: Security update for Apache 2
21710| [66070] SLES9: Security update for Apache 2
21711| [65998] SLES10: Security update for apache2-mod_python
21712| [65893] SLES10: Security update for Apache 2
21713| [65888] SLES10: Security update for Apache 2
21714| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
21715| [65510] SLES9: Security update for Apache 2
21716| [65472] SLES9: Security update for Apache
21717| [65467] SLES9: Security update for Apache
21718| [65450] SLES9: Security update for apache2
21719| [65390] SLES9: Security update for Apache2
21720| [65363] SLES9: Security update for Apache2
21721| [65309] SLES9: Security update for Apache and mod_ssl
21722| [65296] SLES9: Security update for webdav apache module
21723| [65283] SLES9: Security update for Apache2
21724| [65249] SLES9: Security update for Apache 2
21725| [65230] SLES9: Security update for Apache 2
21726| [65228] SLES9: Security update for Apache 2
21727| [65212] SLES9: Security update for apache2-mod_python
21728| [65209] SLES9: Security update for apache2-worker
21729| [65207] SLES9: Security update for Apache 2
21730| [65168] SLES9: Security update for apache2-mod_python
21731| [65142] SLES9: Security update for Apache2
21732| [65136] SLES9: Security update for Apache 2
21733| [65132] SLES9: Security update for apache
21734| [65131] SLES9: Security update for Apache 2 oes/CORE
21735| [65113] SLES9: Security update for apache2
21736| [65072] SLES9: Security update for apache and mod_ssl
21737| [65017] SLES9: Security update for Apache 2
21738| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
21739| [64783] FreeBSD Ports: apache
21740| [64774] Ubuntu USN-802-2 (apache2)
21741| [64653] Ubuntu USN-813-2 (apache2)
21742| [64559] Debian Security Advisory DSA 1834-2 (apache2)
21743| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
21744| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
21745| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
21746| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
21747| [64443] Ubuntu USN-802-1 (apache2)
21748| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
21749| [64423] Debian Security Advisory DSA 1834-1 (apache2)
21750| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
21751| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
21752| [64251] Debian Security Advisory DSA 1816-1 (apache2)
21753| [64201] Ubuntu USN-787-1 (apache2)
21754| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
21755| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
21756| [63565] FreeBSD Ports: apache
21757| [63562] Ubuntu USN-731-1 (apache2)
21758| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
21759| [61185] FreeBSD Ports: apache
21760| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
21761| [60387] Slackware Advisory SSA:2008-045-02 apache
21762| [58826] FreeBSD Ports: apache-tomcat
21763| [58825] FreeBSD Ports: apache-tomcat
21764| [58804] FreeBSD Ports: apache
21765| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
21766| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
21767| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
21768| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
21769| [57335] Debian Security Advisory DSA 1167-1 (apache)
21770| [57201] Debian Security Advisory DSA 1131-1 (apache)
21771| [57200] Debian Security Advisory DSA 1132-1 (apache2)
21772| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
21773| [57145] FreeBSD Ports: apache
21774| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
21775| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
21776| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
21777| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
21778| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
21779| [56067] FreeBSD Ports: apache
21780| [55803] Slackware Advisory SSA:2005-310-04 apache
21781| [55519] Debian Security Advisory DSA 839-1 (apachetop)
21782| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
21783| [55355] FreeBSD Ports: apache
21784| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
21785| [55261] Debian Security Advisory DSA 805-1 (apache2)
21786| [55259] Debian Security Advisory DSA 803-1 (apache)
21787| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
21788| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
21789| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
21790| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
21791| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
22183| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
22184| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
22185| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
22186| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
22187| [92748] Apache CloudStack VM Console Access Restriction Bypass
22188| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
22189| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
22190| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
22191| [92706] Apache ActiveMQ Debug Log Rendering XSS
22192| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
22193| [92270] Apache Tomcat Unspecified CSRF
22194| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
22195| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
22196| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
22197| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
22198| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
22199| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
22200| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
22201| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
22202| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
22203| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
22204| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
22205| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
22206| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
22207| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
22208| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
22209| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
22210| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
22211| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
22212| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
22213| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
22214| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
22215| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
22216| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
22217| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
22218| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
22219| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
22220| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
22221| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
22222| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
22223| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
22224| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
22225| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
22226| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
22227| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
22228| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
22229| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
22230| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
22231| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
22232| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
22233| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
22234| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
22235| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
22236| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
22237| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
22238| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
22239| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
22240| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
22241| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
22242| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
22243| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
22244| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
22245| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
22246| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
22247| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
22248| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
22249| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
22250| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
22251| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
22252| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
22253| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
22254| [86901] Apache Tomcat Error Message Path Disclosure
22255| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
22256| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
22257| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
22258| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
22259| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
22260| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
22261| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
22262| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
22263| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
22264| [85430] Apache mod_pagespeed Module Unspecified XSS
22265| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
22266| [85249] Apache Wicket Unspecified XSS
22267| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
22268| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
22269| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
22270| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
22271| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
22272| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
22273| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
22274| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
22275| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
22276| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
22277| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
22278| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
22279| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
22280| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
22281| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
22282| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
22283| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
22284| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
22285| [83339] Apache Roller Blogger Roll Unspecified XSS
22286| [83270] Apache Roller Unspecified Admin Action CSRF
22287| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
22288| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
22289| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
22290| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
22291| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
22292| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
22293| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
22294| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
22295| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
22296| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
22297| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
22298| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
22299| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
22300| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
22301| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
22302| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
22303| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
22304| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
22305| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
22306| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
22307| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
22308| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
22309| [80300] Apache Wicket wicket:pageMapName Parameter XSS
22310| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
22311| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
22312| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
22313| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
22314| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
22315| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
22316| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
22317| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
22318| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
22319| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
22320| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
22321| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
22322| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
22323| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
22324| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
22325| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
22326| [78331] Apache Tomcat Request Object Recycling Information Disclosure
22327| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
22328| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
22329| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
22330| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
22331| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
22332| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
22333| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
22334| [77593] Apache Struts Conversion Error OGNL Expression Injection
22335| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
22336| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
22337| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
22338| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
22339| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
22340| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
22341| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
22342| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
22343| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
22344| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
22345| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
22346| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
22347| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
22348| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
22349| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
22350| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
22351| [74725] Apache Wicket Multi Window Support Unspecified XSS
22352| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
22353| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
22354| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
22355| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
22356| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
22357| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
22358| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
22359| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
22360| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
22361| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
22362| [73644] Apache XML Security Signature Key Parsing Overflow DoS
22363| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
22364| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
22365| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
22366| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
22367| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
22368| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
22369| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
22370| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
22371| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
22372| [73154] Apache Archiva Multiple Unspecified CSRF
22373| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
22374| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
22375| [72238] Apache Struts Action / Method Names <
22376| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
22377| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
22378| [71557] Apache Tomcat HTML Manager Multiple XSS
22379| [71075] Apache Archiva User Management Page XSS
22380| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
22381| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
22382| [70924] Apache Continuum Multiple Admin Function CSRF
22383| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
22384| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
22385| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
22386| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
22387| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
22388| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
22389| [69520] Apache Archiva Administrator Credential Manipulation CSRF
22390| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
22391| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
22392| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
22393| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
22394| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
22395| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
22396| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
22397| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
22398| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
22399| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
22400| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
22401| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
22402| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
22403| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
22404| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
22405| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
22406| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
22407| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
22408| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
22409| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
22410| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
22411| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
22412| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
22413| [65054] Apache ActiveMQ Jetty Error Handler XSS
22414| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
22415| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
22416| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
22417| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
22418| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
22419| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
22420| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
22421| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
22422| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
22423| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
22424| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
22425| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
22426| [63895] Apache HTTP Server mod_headers Unspecified Issue
22427| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
22428| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
22429| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
22430| [63140] Apache Thrift Service Malformed Data Remote DoS
22431| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
22432| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
22433| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
22434| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
22435| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
22436| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
22437| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
22438| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
22439| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
22440| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
22441| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
22442| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
22443| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
22444| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
22445| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
22446| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
22447| [60678] Apache Roller Comment Email Notification Manipulation DoS
22448| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
22449| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
22450| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
22451| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
22452| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
22453| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
22454| [60232] PHP on Apache php.exe Direct Request Remote DoS
22455| [60176] Apache Tomcat Windows Installer Admin Default Password
22456| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
22457| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
22458| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
22459| [59944] Apache Hadoop jobhistory.jsp XSS
22460| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
22461| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
22462| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
22463| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
22464| [59019] Apache mod_python Cookie Salting Weakness
22465| [59018] Apache Harmony Error Message Handling Overflow
22466| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
22467| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
22468| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
22469| [59010] Apache Solr get-file.jsp XSS
22470| [59009] Apache Solr action.jsp XSS
22471| [59008] Apache Solr analysis.jsp XSS
22472| [59007] Apache Solr schema.jsp Multiple Parameter XSS
22473| [59006] Apache Beehive select / checkbox Tag XSS
22474| [59005] Apache Beehive jpfScopeID Global Parameter XSS
22475| [59004] Apache Beehive Error Message XSS
22476| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
22477| [59002] Apache Jetspeed default-page.psml URI XSS
22478| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
22479| [59000] Apache CXF Unsigned Message Policy Bypass
22480| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
22481| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
22482| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
22483| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
22484| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
22485| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
22486| [58993] Apache Hadoop browseBlock.jsp XSS
22487| [58991] Apache Hadoop browseDirectory.jsp XSS
22488| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
22489| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
22890| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
22891| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
22892| [10471] Apache Xerces-C++ XML Parser DoS
22893| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
22894| [10068] Apache HTTP Server htpasswd Local Overflow
22895| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
22896| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
22897| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
22898| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
22899| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
22900| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
22901| [9717] Apache HTTP Server mod_cookies Cookie Overflow
22902| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
22903| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
22904| [9714] Apache Authentication Module Threaded MPM DoS
22905| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
22906| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
22907| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
22908| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
22909| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
22910| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
22911| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
22912| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
22913| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
22914| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
22915| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
22916| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
22917| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
22918| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
22919| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
22920| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
22921| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
445/tcp closed microsoft-ds
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X|4.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4.2
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 4.2 (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 24.970 days (since Mon Dec 23 16:08:56 2019)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 25/tcp)
HOP RTT ADDRESS
1 106.02 ms 10.243.204.1
2 106.02 ms ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)

NSE: Script Post-scanning.
Initiating NSE at 15:25
Completed NSE at 15:25, 0.00s elapsed
Initiating NSE at 15:25
Completed NSE at 15:25, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 15:25 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 15:25
Completed NSE at 15:25, 0.00s elapsed
Initiating NSE at 15:25
Completed NSE at 15:25, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 15:25
Completed Parallel DNS resolution of 1 host. at 15:25, 0.04s elapsed
Initiating UDP Scan at 15:25
Scanning ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5) [15 ports]
Completed UDP Scan at 15:25, 2.52s elapsed (15 total ports)
Initiating Service scan at 15:25
Scanning 13 services on ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Service scan Timing: About 7.69% done; ETC: 15:46 (0:19:24 remaining)
Completed Service scan at 15:27, 102.59s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Retrying OS detection (try #2) against ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Initiating Traceroute at 15:27
Completed Traceroute at 15:27, 7.12s elapsed
Initiating Parallel DNS resolution of 1 host. at 15:27
Completed Parallel DNS resolution of 1 host. at 15:27, 0.00s elapsed
NSE: Script scanning 52.198.68.5.
Initiating NSE at 15:27
Completed NSE at 15:27, 7.12s elapsed
Initiating NSE at 15:27
Completed NSE at 15:27, 1.01s elapsed
Nmap scan report for ec2-52-198-68-5.ap-northeast-1.compute.amazonaws.com (52.198.68.5)
Host is up (0.089s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 138/udp)
HOP RTT ADDRESS
1 49.26 ms 10.243.204.1
2 ... 3
4 59.80 ms 10.243.204.1
5 100.64 ms 10.243.204.1
6 100.64 ms 10.243.204.1
7 100.64 ms 10.243.204.1
8 100.64 ms 10.243.204.1
9 100.63 ms 10.243.204.1
10 30.82 ms 10.243.204.1
11 ... 18
19 30.02 ms 10.243.204.1
20 29.81 ms 10.243.204.1
21 ... 27
28 30.80 ms 10.243.204.1
29 61.84 ms 10.243.204.1
30 30.54 ms 10.243.204.1

NSE: Script Post-scanning.
Initiating NSE at 15:27
Completed NSE at 15:27, 0.00s elapsed
Initiating NSE at 15:27
Completed NSE at 15:27, 0.00s elapsed
#######################################################################################################################################
 Anonymous JTSEC #OpWhales Full Recon #16