Jan 19, 2020, 07:50 PM
#####################################################################################################################################
=====================================================================================================================================
Hostname: www.kyodo-senpaku.co.jp
ISP: Computer Engineering & Consulting, Ltd.
Continent: Asia
Flag: JP
Country: Japan
Country Code: JP
Region: Unknown
Local time: 20 Jan 2020 04:03 JST
City: Unknown
Postal Code: Unknown
IP Address: 211.13.196.135
Latitude: 35.69
Longitude: 139.69
=====================================================================================================================================
#####################################################################################################################################
> www.kyodo-senpaku.co.jp
Server: 38.132.106.139
Address: 38.132.106.139#53

Non-authoritative answer:
Name: www.kyodo-senpaku.co.jp
Address: 211.13.196.135
>
#####################################################################################################################################
Domain Information:
a. [Domain Name] KYODO-SENPAKU.CO.JP
g. [Organization] Kyodosenpaku corporation
l. [Organization Type] Corporation
m. [Administrative Contact] TN5822JP
n. [Technical Contact] HY4200JP
p. [Name Server] ns.namedserver.net
p. [Name Server] ns2.namedserver.net
s. [Signing Key]
[State] Connected (2020/09/30)
[Registered Date] 2001/09/06
[Connected Date] 2001/09/25
[Last Update] 2019/10/01 01:01:52 (JST)
#####################################################################################################################################
[+] Target : www.kyodo-senpaku.co.jp

[+] IP Address : 211.13.196.135

[+] Headers :

[+] Date : Sun, 19 Jan 2020 19:08:58 GMT
[+] Server : Apache
[+] Last-Modified : Thu, 16 Jan 2020 02:43:00 GMT
[+] ETag : "3278-59c38c887d500"
[+] Accept-Ranges : bytes
[+] Content-Length : 12920
[+] Keep-Alive : timeout=2, max=100
[+] Connection : Keep-Alive
[+] Content-Type : text/html

[+] SSL Certificate Information :

[+] countryName : JP
[+] stateOrProvinceName : Tokyo
[+] localityName : Shibuya
[+] organizationName : GMO CLOUD K.K.
[+] commonName : sni.red.shared-server.net
[+] countryName : JP
[+] stateOrProvinceName : Tokyo
[+] localityName : Shibuya
[+] organizationName : GMO CLOUD K.K.
[+] commonName : sni.red.shared-server.net
[+] Version : 1
[+] Serial Number : C9FAB090556C44F3
[+] Not Before : Apr 10 02:09:25 2017 GMT
[+] Not After : Apr 8 02:09:25 2027 GMT

[+] Whois Lookup :

[+] NIR : {'query': '211.13.196.135', 'raw': None, 'nets': [{'cidr': '211.13.192.0/21', 'name': 'GMOCLOUD K.K.', 'handle': 'GMOCLOUD-NET', 'range': '211.13.192.1 - 211.13.199.255', 'country': 'JP', 'address': None, 'postal_code': None, 'nameservers': ['ns.namedserver.net', 'ns2.namedserver.net'], 'created': None, 'updated': '2019-04-25T09:56:03', 'contacts': {'admin': {'email': 'mex@gmo-hs.com', 'organization': 'GMOCLOUD K.K', 'division': 'System Operation Section, Service Operations Dev.', 'phone': '03-6415-6100', 'fax': '03-6415-6101', 'updated': '2019-04-25T09:08:03'}, 'tech': {'email': 'mex@gmo-hs.com', 'organization': 'GMOCLOUD K.K', 'division': 'System Operation Section, Service Operations Dev.', 'phone': '03-6415-6100', 'fax': '03-6415-6101', 'updated': '2019-04-25T09:08:03'}}}]}
[+] ASN Registry : apnic
[+] ASN : 7514
[+] ASN CIDR : 211.13.192.0/19
[+] ASN Country Code : JP
[+] ASN Date : 1999-11-22
[+] ASN Description : MEX Computer Engineering & Consulting, Ltd., JP
[+] cidr : 211.8.0.0/13, 211.16.0.0/14
[+] name : JPNIC-NET-JP
[+] handle : JNIC1-AP
[+] range : 211.8.0.0 - 211.19.255.255
[+] description : Japan Network Information Center
[+] country : JP
[+] state : None
[+] city : None
[+] address : Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
Chiyoda-ku, Tokyo 101-0047, Japan
[+] postal_code : None
[+] emails : ['hostmaster@nic.ad.jp']
[+] created : None
[+] updated : None

[+] Crawling Target...

[+] Looking for robots.txt........[ Not Found ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 5 ]
[+] Extracting Javascript Links...[ 5 ]
[+] Extracting Internal Links.....[ 1 ]
[+] Extracting External Links.....[ 5 ]
[+] Extracting Images.............[ 40 ]

[+] Total Links Extracted : 56

[+] Dumping Links in /opt/FinalRecon/dumps/www.kyodo-senpaku.co.jp.dump
[+] Completed!
#####################################################################################################################################
[i] Scanning Site: http://211.13.196.135

B A S I C I N F O
====================

[+] Site Title:
[+] IP address: 211.13.196.135
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!

W H O I S L O O K U P
========================

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '209.251.254.0 - 211.255.255.255'

% No abuse contact registered for 209.251.254.0 - 211.255.255.255

inetnum: 209.251.254.0 - 211.255.255.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks:
remarks: For registration information,
remarks: you can consult the following sources:
remarks:
remarks: IANA
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
remarks:
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks:
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks:
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
created: 2019-01-07T10:47:20Z
last-modified: 2019-01-07T10:47:20Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.96 (BLAARKOP)

G E O I P L O O K U P
=========================

[i] IP Address: 211.13.196.135
[i] Country: Japan
[i] State:
[i] City:
[i] Latitude: 35.69
[i] Longitude: 139.69

H T T P H E A D E R S
=======================

[i] HTTP/1.1 403 Forbidden
[i] Date: Sun, 19 Jan 2020 19:09:12 GMT
[i] Server: Apache
[i] Content-Length: 199
[i] Connection: close
[i] Content-Type: text/html; charset=iso-8859-1

D N S L O O K U P
===================

no records found

S U B N E T C A L C U L A T I O N
====================================

Address = 211.13.196.135
Network = 211.13.196.135 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 211.13.196.135 - 211.13.196.135 }

N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-19 19:09 UTC
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up (0.15s latency).

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.63 seconds
#####################################################################################################################################
[+] Starting At 2020-01-19 14:09:28.453220
[+] Collecting Information On: http://www.kyodo-senpaku.co.jp/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Sun, 19 Jan 2020 19:09:23 GMT
- Server: Apache
- Last-Modified: Thu, 16 Jan 2020 02:43:00 GMT
- ETag: "3278-59c38c887d500"
- Accept-Ranges: bytes
- Content-Length: 12920
- Keep-Alive: timeout=2, max=100
- Connection: Keep-Alive
- Content-Type: text/html
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: Japan
[#] countryCode: JP
[#] region: 13
[#] regionName: Tokyo
[#] city: Chiyoda
[#] zip: 289-2614
[#] lat: 35.6775
[#] lon: 139.762
[#] timezone: Asia/Tokyo
[#] isp: ComputerEngineering&Consulting, Ltd.
[#] org: mex
[#] as: AS7514 Computer Engineering & Consulting, Ltd.
[#] query: 211.13.196.135
--------------------------------------------------
[x] Didn't Detect WAF Presence on: http://www.kyodo-senpaku.co.jp/
--------------------------------------------------
[#] Starting Reverse DNS
[!] Found 117 any Domain
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Getting SSL Info
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076)
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[-] robots.txt file not Found!?
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: http://www.kyodo-senpaku.co.jp/
--------------------------------------------------
[#] Searching Html Form !
[-] No Html Form Found!?
--------------------------------------------------
[!] Found 9 dom parameter
[#] http://www.kyodo-senpaku.co.jp//#
[#] http://www.kyodo-senpaku.co.jp//#wrapper
[#] http://www.kyodo-senpaku.co.jp//services.html#link_01
[#] http://www.kyodo-senpaku.co.jp//services.html#link_02
[#] http://www.kyodo-senpaku.co.jp//services.html#link_03
[#] http://www.kyodo-senpaku.co.jp//corporate.html#link_03
[#] http://www.kyodo-senpaku.co.jp//corporate.html#link_01
[#] http://www.kyodo-senpaku.co.jp//corporate.html#link_02
[#] http://www.kyodo-senpaku.co.jp//corporate.html#link_04
--------------------------------------------------
[-] No internal Dynamic Parameter Found!?
--------------------------------------------------
[!] 1 External Dynamic Parameter Discovered
[#] https://twitter.com/Baleninechan?ref_src=twsrc%5Etfw
--------------------------------------------------
[!] 26 Internal links Discovered
[+] http://www.kyodo-senpaku.co.jp//css/default/reset.css
[+] http://www.kyodo-senpaku.co.jp//css/default/oocss.css
[+] http://www.kyodo-senpaku.co.jp//css/common.css
[+] http://www.kyodo-senpaku.co.jp//css/top.css
[+] http://www.kyodo-senpaku.co.jp//css/libs/jquery.bxslider.css
[+] http://www.kyodo-senpaku.co.jp//index.html
[+] http://www.kyodo-senpaku.co.jp/wordpress/blog
[+] http://www.kyodo-senpaku.co.jp//contact.html
[+] http://www.kyodo-senpaku.co.jp//index.html
[+] http://www.kyodo-senpaku.co.jp//news/
[+] http://www.kyodo-senpaku.co.jp//services.html
[+] http://www.kyodo-senpaku.co.jp//corporate.html
[+] http://www.kyodo-senpaku.co.jp//recruit/
[+] http://www.kyodo-senpaku.co.jp//feature/balenine/index.html
[+] http://www.kyodo-senpaku.co.jp//feature/restaurant/index.html
[+] http://www.kyodo-senpaku.co.jp//services.html
[+] http://www.kyodo-senpaku.co.jp//corporate.html
[+] http://www.kyodo-senpaku.co.jp//recruit/
[+] http://www.kyodo-senpaku.co.jp//index.html
[+] http://www.kyodo-senpaku.co.jp//news/
[+] http://www.kyodo-senpaku.co.jp//recruit/
[+] http://www.kyodo-senpaku.co.jp//contact.html
[+] http://www.kyodo-senpaku.co.jp//services.html
[+] http://www.kyodo-senpaku.co.jp//corporate.html
[+] http://www.kyodo-senpaku.co.jp/wordpress/blog
[+] http://www.kyodo-senpaku.co.jp//index.html
--------------------------------------------------
[!] 7 External links Discovered
[#] https://twitter.com/Baleninechan
[#] http://www.kyodohanbai.co.jp/
[#] https://colorme-repeat.jp/8/71196b35/imidabalenine02pc
[#] https://twitter.com/Baleninechan
[#] https://www.whaling.jp/recipe/
[#] https://twitter.com/Baleninechan
[#] https://twitter.com/Baleninechan
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 2 Subdomain
- www.kyodo-senpaku.co.jp
- mx.kyodo-senpaku.co.jp
--------------------------------------------------
[!] Done At 2020-01-19 14:09:52.282674
#####################################################################################################################################
[INFO] ------TARGET info------
[*] TARGET: http://www.kyodo-senpaku.co.jp/
[*] TARGET IP: 211.13.196.135
[INFO] NO load balancer detected for www.kyodo-senpaku.co.jp...
[*] DNS servers: ns.namedserver.net.
[*] TARGET server: Apache
[*] CC: JP
[*] Country: Japan
[*] RegionCode: 13
[*] RegionName: Tokyo
[*] City: Chiyoda
[*] ASN: AS7514
[*] BGP_PREFIX: 211.13.192.0/19
[*] ISP: MEX Computer Engineering & Consulting, Ltd., JP
[INFO] DNS enumeration:
[*] ftp.kyodo-senpaku.co.jp 211.13.204.2
[*] mx.kyodo-senpaku.co.jp 211.13.204.4
[INFO] Possible abuse mails are:
[*] abuse@kyodo-senpaku.co.jp
[*] abuse@www.kyodo-senpaku.co.jp
[*] domain@1-man.net
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Starting FUZZing in http://www.kyodo-senpaku.co.jp/FUzZzZzZzZz...
[INFO] Status code Folders
[*] 200 http://www.kyodo-senpaku.co.jp/news
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from http://www.kyodo-senpaku.co.jp/ http://211.13.196.135/:
[*] https://colorme-repeat.jp/8/71196b35/imidabalenine02pc
[*] https://twitter.com/Baleninechan
[*] https://twitter.com/Baleninechan?ref_src=twsrc^tfw
[*] https://www.whaling.jp/recipe/
[*] http://www.kyodohanbai.co.jp/
[*] http://www.kyodo-senpaku.co.jp/
[*] http://www.kyodo-senpaku.co.jp/contact.html
[*] http://www.kyodo-senpaku.co.jp/corporate.html
[*] http://www.kyodo-senpaku.co.jp/corporate.html#link_01
[*] http://www.kyodo-senpaku.co.jp/corporate.html#link_02
[*] http://www.kyodo-senpaku.co.jp/corporate.html#link_03
[*] http://www.kyodo-senpaku.co.jp/corporate.html#link_04
[*] http://www.kyodo-senpaku.co.jp/feature/balenine/index.html
[*] http://www.kyodo-senpaku.co.jp/feature/restaurant/index.html
[*] http://www.kyodo-senpaku.co.jp/index.html
[*] http://www.kyodo-senpaku.co.jp/news/
[*] http://www.kyodo-senpaku.co.jp/recruit/
[*] http://www.kyodo-senpaku.co.jp/services.html
[*] http://www.kyodo-senpaku.co.jp/services.html#link_01
[*] http://www.kyodo-senpaku.co.jp/services.html#link_02
[*] http://www.kyodo-senpaku.co.jp/services.html#link_03
[*] http://www.kyodo-senpaku.co.jp/wordpress/blog
[*] http://www.kyodo-senpaku.co.jp/#wrapper
cut: intervalle de champ incorrecte
Saisissez « cut --help » pour plus d'informations.
[INFO] Shodan detected the following opened ports on 211.13.196.135:
[*] 443
[*] 80
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total Sites
[INFO] Useful links related to www.kyodo-senpaku.co.jp - 211.13.196.135:
[*] https://www.virustotal.com/pt/ip-address/211.13.196.135/information/
[*] https://www.hybrid-analysis.com/search?host=211.13.196.135
[*] https://www.shodan.io/host/211.13.196.135
[*] https://www.senderbase.org/lookup/?search_string=211.13.196.135
[*] https://www.alienvault.com/open-threat-exchange/ip/211.13.196.135
[*] http://pastebin.com/search?q=211.13.196.135
[*] http://urlquery.net/search.php?q=211.13.196.135
[*] http://www.alexa.com/siteinfo/www.kyodo-senpaku.co.jp
[*] http://www.google.com/safebrowsing/diagnostic?site=www.kyodo-senpaku.co.jp
[*] https://censys.io/ipv4/211.13.196.135
[*] https://www.abuseipdb.com/check/211.13.196.135
[*] https://urlscan.io/search/#211.13.196.135
[*] https://github.com/search?q=211.13.196.135&type=Code
[INFO] Useful links related to AS7514 - 211.13.192.0/19:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:7514
[*] https://www.senderbase.org/lookup/?search_string=211.13.192.0/19
[*] http://bgp.he.net/AS7514
[*] https://stat.ripe.net/AS7514
[INFO] Date: 19/01/20 | Time: 14:10:23
[INFO] Total time: 0 minute(s) and 53 second(s)
#####################################################################################################################################
Trying "kyodo-senpaku.co.jp"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34848
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;kyodo-senpaku.co.jp. IN ANY

;; ANSWER SECTION:
kyodo-senpaku.co.jp. 3600 IN TXT "v=spf1 ip4:211.13.204.0/24 -all"
kyodo-senpaku.co.jp. 3600 IN MX 100 mx.kyodo-senpaku.co.jp.
kyodo-senpaku.co.jp. 3600 IN SOA ns.namedserver.net. root.namedserver.net. 2574137036 10800 1800 259200 1800
kyodo-senpaku.co.jp. 3600 IN A 211.13.196.135
kyodo-senpaku.co.jp. 43200 IN NS ns.namedserver.net.
kyodo-senpaku.co.jp. 43200 IN NS ns2.namedserver.net.

;; ADDITIONAL SECTION:
ns2.namedserver.net. 25834 IN A 210.166.249.129
ns.namedserver.net. 25834 IN A 180.222.176.193

Received 239 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 531 ms
#####################################################################################################################################
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace kyodo-senpaku.co.jp any
;; global options: +cmd
. 79456 IN NS e.root-servers.net.
. 79456 IN NS a.root-servers.net.
. 79456 IN NS h.root-servers.net.
. 79456 IN NS m.root-servers.net.
. 79456 IN NS d.root-servers.net.
. 79456 IN NS g.root-servers.net.
. 79456 IN NS l.root-servers.net.
. 79456 IN NS i.root-servers.net.
. 79456 IN NS b.root-servers.net.
. 79456 IN NS j.root-servers.net.
. 79456 IN NS c.root-servers.net.
. 79456 IN NS f.root-servers.net.
. 79456 IN NS k.root-servers.net.
;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 106 ms

jp. 172800 IN NS a.dns.jp.
jp. 172800 IN NS b.dns.jp.
jp. 172800 IN NS c.dns.jp.
jp. 172800 IN NS d.dns.jp.
jp. 172800 IN NS e.dns.jp.
jp. 172800 IN NS f.dns.jp.
jp. 172800 IN NS g.dns.jp.
jp. 172800 IN NS h.dns.jp.
jp. 86400 IN DS 39595 8 1 1CC05D3654844B375BE8FDFB8933A21C9E9897DD
jp. 86400 IN DS 39595 8 2 2871D562754FD45AC0452440D806ABB8E6BA967B2032B166FD2761E8 73553387
;; Received 875 bytes from 192.58.128.30#53(j.root-servers.net) in 89 ms

kyodo-senpaku.co.jp. 86400 IN NS ns.namedserver.net.
kyodo-senpaku.co.jp. 86400 IN NS ns2.namedserver.net.
;; Received 618 bytes from 2001:240::53#53(d.dns.jp) in 43 ms

kyodo-senpaku.co.jp. 3600 IN A 211.13.196.135
kyodo-senpaku.co.jp. 86400 IN NS ns2.namedserver.net.
kyodo-senpaku.co.jp. 86400 IN NS ns.namedserver.net.
kyodo-senpaku.co.jp. 3600 IN SOA ns.namedserver.net. root.namedserver.net. 2574137036 10800 1800 259200 1800
kyodo-senpaku.co.jp. 3600 IN MX 100 mx.kyodo-senpaku.co.jp.
kyodo-senpaku.co.jp. 3600 IN TXT "v=spf1 ip4:211.13.204.0/24 -all"
;; Received 266 bytes from 180.222.176.193#53(ns.namedserver.net) in 235 ms
#####################################################################################################################################
[*] Performing General Enumeration of Domain: kyodo-senpaku.co.jp
[-] DNSSEC is not configured for kyodo-senpaku.co.jp
[*] SOA ns.namedserver.net 180.222.176.193
[*] NS ns2.namedserver.net 210.166.249.129
[*] Bind Version for 210.166.249.129 PowerDNS Authoritative Server 4.1.5 (built Nov 19 2019 19:44:01 by root@bdns801)
[*] NS ns.namedserver.net 180.222.176.193
[*] Bind Version for 180.222.176.193 PowerDNS Authoritative Server 4.1.5 (built Nov 21 2019 10:12:09 by root@adns801)
[*] MX mx.kyodo-senpaku.co.jp 211.13.204.4
[*] A kyodo-senpaku.co.jp 211.13.196.135
[*] TXT kyodo-senpaku.co.jp v=spf1 ip4:211.13.204.0/24 -all
[*] Enumerating SRV Records
[-] No SRV Records Found for kyodo-senpaku.co.jp
[+] 0 Records Found
#####################################################################################################################################
[*] Processing domain kyodo-senpaku.co.jp
[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
[+] Getting nameservers
210.166.249.129 - ns2.namedserver.net
180.222.176.193 - ns.namedserver.net
[-] Zone transfer failed

[+] TXT records found
"v=spf1 ip4:211.13.204.0/24 -all"

[+] MX records found, added to target list
100 mx.kyodo-senpaku.co.jp.

[*] Scanning kyodo-senpaku.co.jp for A records
211.13.196.135 - kyodo-senpaku.co.jp
211.13.204.2 - ftp.kyodo-senpaku.co.jp
211.13.204.18 - imap.kyodo-senpaku.co.jp
211.13.204.4 - mx.kyodo-senpaku.co.jp
211.13.204.5 - pop.kyodo-senpaku.co.jp
211.13.204.5 - smtp.kyodo-senpaku.co.jp
211.13.196.135 - www.kyodo-senpaku.co.jp
#####################################################################################################################################
AVAILABLE PLUGINS
-----------------

SessionResumptionPlugin
CertificateInfoPlugin
SessionRenegotiationPlugin
HeartbleedPlugin
OpenSslCipherSuitesPlugin
CompressionPlugin
FallbackScsvPlugin
HttpHeadersPlugin
RobotPlugin
EarlyDataPlugin
OpenSslCcsInjectionPlugin

CHECKING HOST(S) AVAILABILITY
-----------------------------

211.13.196.135:443 => 211.13.196.135

SCAN RESULTS FOR 211.13.196.135:443 - 211.13.196.135
----------------------------------------------------

* OpenSSL CCS Injection:
    OK - Not vulnerable to OpenSSL CCS injection

* SSLV2 Cipher Suites:
    Server rejected all cipher suites.

* TLS 1.2 Session Resumption Support:
    With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
    With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.

* Session Renegotiation:
    Client-initiated Renegotiation: OK - Rejected
    Secure Renegotiation: OK - Supported

* Deflate Compression:
    OK - Compression disabled

* OpenSSL Heartbleed:
    OK - Not vulnerable to Heartbleed

* TLSV1_3 Cipher Suites:
    Server rejected all cipher suites.
    Undefined - An unexpected error happened:
        TLS_CHACHA20_POLY1305_SHA256 timeout - timed out
        TLS_AES_128_CCM_SHA256 timeout - timed out

* SSLV3 Cipher Suites:
    Server rejected all cipher suites.
    Undefined - An unexpected error happened:
        TLS_DH_anon_WITH_AES_128_CBC_SHA timeout - timed out

* Certificate Information:
    Content
        SHA1 Fingerprint: e0d27df475e860fc5f37802bcb93739e0e7f588d
        Common Name: sni.red.shared-server.net
        Issuer: sni.red.shared-server.net
        Serial Number: 14554139279756117235
        Not Before: 2017-04-10 02:09:25
        Not After: 2027-04-08 02:09:25
        Signature Algorithm: sha256
        Public Key Algorithm: RSA
        Key Size: 2048
        Exponent: 65537 (0x10001)
        DNS Subject Alternative Names: []

    Trust
        Hostname Validation: FAILED - Certificate does NOT match 211.13.196.135
        Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
        Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12): FAILED - Certificate is NOT Trusted: self signed certificate
        Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: self signed certificate
        Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: self signed certificate
        Mozilla CA Store (2019-03-14): ERROR: timeout - timed out
        Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
        Received Chain: sni.red.shared-server.net
        Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
        Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
        Received Chain Order: OK - Order is valid
        Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)

    Extensions
        OCSP Must-Staple: NOT SUPPORTED - Extension not found
        Certificate Transparency: NOT SUPPORTED - Extension not found

    OCSP Stapling
        NOT SUPPORTED - Server did not send back an OCSP response

* ROBOT Attack:
    UNKNOWN - Received inconsistent results

* Downgrade Attacks:
Unhandled exception while running --fallback:
timeout - timed out

* TLSV1_2 Cipher Suites:
Unhandled exception while running --tlsv1_2:
timeout - timed out

* TLSV1_1 Cipher Suites:
    Forward Secrecy OK - Supported
    RC4 OK - Not Supported

    Preferred:
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
    Accepted:
        TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
        TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
    Undefined - An unexpected error happened:
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
        TLS_RSA_WITH_AES_256_CBC_SHA256 timeout - timed out
        TLS_RSA_WITH_AES_256_CBC_SHA timeout - timed out
        TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 timeout - timed out
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 timeout - timed out
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 timeout - timed out
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA timeout - timed out
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 timeout - timed out
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 timeout - timed out
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 timeout - timed out
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 timeout - timed out
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 timeout - timed out
        TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
        TLS_DH_anon_WITH_AES_256_GCM_SHA384 timeout - timed out
        TLS_DH_anon_WITH_AES_256_CBC_SHA timeout - timed out
        TLS_DH_anon_WITH_AES_128_CBC_SHA timeout - timed out
        TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
        TLS_DH_RSA_WITH_AES_256_GCM_SHA384 timeout - timed out
        TLS_DH_RSA_WITH_AES_256_CBC_SHA timeout - timed out
        TLS_DH_RSA_WITH_AES_128_GCM_SHA256 timeout - timed out
        TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
        TLS_DH_DSS_WITH_AES_256_GCM_SHA384 timeout - timed out
        TLS_DH_DSS_WITH_AES_256_CBC_SHA timeout - timed out
        TLS_DH_DSS_WITH_AES_128_CBC_SHA timeout - timed out
        TLS_DHE_DSS_WITH_SEED_CBC_SHA timeout - timed out
        TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA timeout - timed out
        TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 timeout - timed out
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA timeout - timed out

* TLSV1 Cipher Suites:
    Forward Secrecy OK - Supported
    RC4 OK - Not Supported

    Preferred:
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
    Accepted:
        TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
        TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
        TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
    Undefined - An unexpected error happened:
        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 timeout - timed out
842 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 timeout - timed out
843 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA timeout - timed out
844 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 timeout - timed out
845 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 timeout - timed out
846 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA timeout - timed out
847 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA timeout - timed out
848 TLS_DH_anon_WITH_AES_256_CBC_SHA timeout - timed out
849 TLS_DH_DSS_WITH_AES_128_CBC_SHA256 timeout - timed out
850 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 timeout - timed out
851
852
853 SCAN COMPLETED IN 133.77 S
854 --------------------------
855#####################################################################################################################################
856Domains still to check: 1
857 Checking if the hostname kyodo-senpaku.co.jp. given is in fact a domain...
858
859Analyzing domain: kyodo-senpaku.co.jp.
860 Checking NameServers using system default resolver...
861 IP: 210.166.249.129 (Japan)
862 HostName: ns2.namedserver.net Type: NS
863 HostName: ns02.namedserver.net Type: PTR
864 IP: 180.222.176.193 (Japan)
865 HostName: ns.namedserver.net Type: NS
866
867 Checking MailServers using system default resolver...
868 IP: 211.13.204.4 (Japan)
869 HostName: mx.kyodo-senpaku.co.jp Type: MX
870 HostName: mx.red.shared-server.net Type: PTR
871
872 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
873 No zone transfer found on nameserver 180.222.176.193
874 No zone transfer found on nameserver 210.166.249.129
875
876 Checking SPF record...
877 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 211.13.204.0/24, but only the network IP
878 New IP found: 211.13.204.0
879
880 Checking 192 most common hostnames using system default resolver...
881 IP: 211.13.196.135 (Japan)
882 HostName: www.kyodo-senpaku.co.jp. Type: A
883 IP: 211.13.204.2 (Japan)
884 HostName: ftp.kyodo-senpaku.co.jp. Type: A
885 IP: 211.13.204.4 (Japan)
886 HostName: mx.kyodo-senpaku.co.jp Type: MX
887 HostName: mx.red.shared-server.net Type: PTR
888 HostName: mx.kyodo-senpaku.co.jp. Type: A
889 IP: 211.13.204.5 (Japan)
890 HostName: smtp.kyodo-senpaku.co.jp. Type: A
891 IP: 211.13.204.5 (Japan)
892 HostName: smtp.kyodo-senpaku.co.jp. Type: A
893 HostName: pop.kyodo-senpaku.co.jp. Type: A
894 HostName: mail.red.shared-server.net Type: PTR
895 IP: 211.13.204.18 (Japan)
896 HostName: imap.kyodo-senpaku.co.jp. Type: A
897
898 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
899 Checking netblock 211.13.204.0
900 Checking netblock 180.222.176.0
901 Checking netblock 210.166.249.0
902 Checking netblock 211.13.196.0
903
904 Searching for kyodo-senpaku.co.jp. emails in Google
905
906 Checking 8 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
907 Host 211.13.204.4 is up (reset ttl 64)
908 Host 180.222.176.193 is up (reset ttl 64)
909 Host 211.13.204.0 is up (reset ttl 64)
910 Host 211.13.204.2 is up (reset ttl 64)
911 Host 211.13.204.5 is up (reset ttl 64)
912 Host 211.13.204.18 is up (reset ttl 64)
913 Host 210.166.249.129 is up (reset ttl 64)
914 Host 211.13.196.135 is up (reset ttl 64)
915
916 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
917 Scanning ip 211.13.204.4 (mx.kyodo-senpaku.co.jp.):
918 8008/tcp open http syn-ack ttl 44
919 | fingerprint-strings:
920 | FourOhFourRequest:
921 | HTTP/1.1 302 Found
922 | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
923 | Connection: close
924 | X-Frame-Options: SAMEORIGIN
925 | X-XSS-Protection: 1; mode=block
926 | X-Content-Type-Options: nosniff
927 | Content-Security-Policy: frame-ancestors
928 | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
929 | HTTP/1.1 302 Found
930 | Location: https://:8010
931 | Connection: close
932 | X-Frame-Options: SAMEORIGIN
933 | X-XSS-Protection: 1; mode=block
934 | X-Content-Type-Options: nosniff
935 | Content-Security-Policy: frame-ancestors
936 | GetRequest:
937 | HTTP/1.1 302 Found
938 | Location: https://:8010/
939 | Connection: close
940 | X-Frame-Options: SAMEORIGIN
941 | X-XSS-Protection: 1; mode=block
942 | X-Content-Type-Options: nosniff
943 |_ Content-Security-Policy: frame-ancestors
944 |_https-redirect: ERROR: Script execution failed (use -d to debug)
945 Scanning ip 180.222.176.193 (ns.namedserver.net):
946 Scanning ip 211.13.204.0 ():
947 Scanning ip 211.13.204.2 (ftp.kyodo-senpaku.co.jp.):
948 21/tcp open ftp syn-ack ttl 42 ProFTPD
949 OS Info: Service Info: Host: 211.13.204.2; OS: Unix
950 Scanning ip 211.13.204.5 (mail.red.shared-server.net (PTR)):
951 110/tcp open pop3 syn-ack ttl 43 Dovecot pop3d
952 |_pop3-capabilities: PIPELINING TOP UIDL APOP AUTH-RESP-CODE STLS SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) USER CAPA RESP-CODES
953 |_ssl-date: 2020-01-19T19:27:24+00:00; -6s from scanner time.
954 465/tcp open ssl/smtps? syn-ack ttl 42
955 |_smtp-commands: Couldn't establish connection on port 465
956 |_ssl-date: 2020-01-19T19:27:24+00:00; -5s from scanner time.
957 587/tcp open smtp syn-ack ttl 43 Postfix smtpd
958 |_smtp-commands: m24-red.in.shared-server.net, PIPELINING, SIZE 31457280, ETRN, STARTTLS, AUTH SCRAM-SHA-1 GS2-IAKERB GS2-KRB5 GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN, AUTH=SCRAM-SHA-1 GS2-IAKERB GS2-KRB5 GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
959 |_ssl-date: 2020-01-19T19:27:25+00:00; -5s from scanner time.
960 995/tcp open ssl/pop3s? syn-ack ttl 42
961 |_ssl-date: 2020-01-19T19:27:24+00:00; -5s from scanner time.
962 8008/tcp open http syn-ack ttl 45
963 | fingerprint-strings:
964 | FourOhFourRequest:
965 | HTTP/1.1 302 Found
966 | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
967 | Connection: close
968 | X-Frame-Options: SAMEORIGIN
969 | X-XSS-Protection: 1; mode=block
970 | X-Content-Type-Options: nosniff
971 | Content-Security-Policy: frame-ancestors
972 | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
973 | HTTP/1.1 302 Found
974 | Location: https://:8010
975 | Connection: close
976 | X-Frame-Options: SAMEORIGIN
977 | X-XSS-Protection: 1; mode=block
978 | X-Content-Type-Options: nosniff
979 | Content-Security-Policy: frame-ancestors
980 | GetRequest:
981 | HTTP/1.1 302 Found
982 | Location: https://:8010/
983 | Connection: close
984 | X-Frame-Options: SAMEORIGIN
985 | X-XSS-Protection: 1; mode=block
986 | X-Content-Type-Options: nosniff
987 |_ Content-Security-Policy: frame-ancestors
988 |_https-redirect: ERROR: Script execution failed (use -d to debug)
989 OS Info: Service Info: Host: m22-red.in.shared-server.net
990 Scanning ip 211.13.204.18 (imap.kyodo-senpaku.co.jp.):
991 Scanning ip 210.166.249.129 (ns02.namedserver.net (PTR)):
992 53/tcp open domain syn-ack ttl 46 PowerDNS Authoritative Server 4.1.5
993 | dns-nsid:
994 | NSID: bdns801.dnsserver.jp (62646e733830312e646e737365727665722e6a70)
995 | id.server: bdns801.dnsserver.jp
996 |_ bind.version: PowerDNS Authoritative Server 4.1.5 (built Nov 19 2019 19:44:01 by root@bdns801)
997 Scanning ip 211.13.196.135 (www.kyodo-senpaku.co.jp.):
998 80/tcp open http syn-ack ttl 43 Apache httpd
999 |_http-server-header: Apache
1000 443/tcp open ssl/http syn-ack ttl 43 Apache httpd
1001 | http-methods:
1002 |_ Supported Methods: GET HEAD POST OPTIONS
1003 |_http-server-header: Apache
1004 |_http-title: 403 Forbidden
1005 | ssl-cert: Subject: commonName=sni.red.shared-server.net/organizationName=GMO CLOUD K.K./stateOrProvinceName=Tokyo/countryName=JP
1006 | Issuer: commonName=sni.red.shared-server.net/organizationName=GMO CLOUD K.K./stateOrProvinceName=Tokyo/countryName=JP
1007 | Public Key type: rsa
1008 | Public Key bits: 2048
1009 | Signature Algorithm: sha256WithRSAEncryption
1010 | Not valid before: 2017-04-10T02:09:25
1011 | Not valid after: 2027-04-08T02:09:25
1012 | MD5: 6ff1 61db 8866 391d 8e41 694d f3db eb65
1013 |_SHA-1: e0d2 7df4 75e8 60fc 5f37 802b cb93 739e 0e7f 588d
1014 |_ssl-date: TLS randomness does not represent time
1015 | tls-alpn:
1016 | h2
1017 |_ http/1.1
1018 WebCrawling domain's web servers... up to 50 max links.
1019
1020 + URL to crawl: http://mx.kyodo-senpaku.co.jp:8008
1021 + Date: 2020-01-19
1022
1023 + Crawling URL: http://mx.kyodo-senpaku.co.jp:8008:
1024 + Links:
1025 + Crawling http://mx.kyodo-senpaku.co.jp:8008 (timed out)
1026 + Searching for directories...
1027 + Searching open folders...
1028
1029
1030 + URL to crawl: http://mx.kyodo-senpaku.co.jp.:8008
1031 + Date: 2020-01-19
1032
1033 + Crawling URL: http://mx.kyodo-senpaku.co.jp.:8008:
1034 + Links:
1035 + Crawling http://mx.kyodo-senpaku.co.jp.:8008 (timed out)
1036 + Searching for directories...
1037 + Searching open folders...
1038
1039
1040 + URL to crawl: http://smtp.kyodo-senpaku.co.jp.:8008
1041 + Date: 2020-01-19
1042
1043 + Crawling URL: http://smtp.kyodo-senpaku.co.jp.:8008:
1044 + Links:
1045 + Crawling http://smtp.kyodo-senpaku.co.jp.:8008 (timed out)
1046 + Searching for directories...
1047 + Searching open folders...
1048
1049
1050 + URL to crawl: http://pop.kyodo-senpaku.co.jp.:8008
1051 + Date: 2020-01-19
1052
1053 + Crawling URL: http://pop.kyodo-senpaku.co.jp.:8008:
1054 + Links:
1055 + Crawling http://pop.kyodo-senpaku.co.jp.:8008 (timed out)
1056 + Searching for directories...
1057 + Searching open folders...
1058
1059
1060 + URL to crawl: http://www.kyodo-senpaku.co.jp.
1061 + Date: 2020-01-19
1062
1063 + Crawling URL: http://www.kyodo-senpaku.co.jp.:
1064 + Links:
1065 + Crawling http://www.kyodo-senpaku.co.jp.
1066 + Crawling http://www.kyodo-senpaku.co.jp./index.html
1067 + Crawling http://www.kyodo-senpaku.co.jp./contact.html
1068 + Crawling http://www.kyodo-senpaku.co.jp./news/
1069 + Crawling http://www.kyodo-senpaku.co.jp./services.html
1070 + Crawling http://www.kyodo-senpaku.co.jp./corporate.html
1071 + Crawling http://www.kyodo-senpaku.co.jp./recruit/
1072 + Crawling http://www.kyodo-senpaku.co.jp./feature/balenine/index.html
1073 + Crawling http://www.kyodo-senpaku.co.jp./feature/restaurant/index.html
1074 + Crawling http://www.kyodo-senpaku.co.jp./
1075 + Crawling http://www.kyodo-senpaku.co.jp./recruit/ohkoshi.html
1076 + Crawling http://www.kyodo-senpaku.co.jp./recruit/shimoda.html
1077 + Crawling http://www.kyodo-senpaku.co.jp./recruit/takedashintaro.html
1078 + Crawling http://www.kyodo-senpaku.co.jp./recruit/karitsuka.html
1079 + Crawling http://www.kyodo-senpaku.co.jp./recruit/kuwaoka.html
1080 + Crawling http://www.kyodo-senpaku.co.jp./recruit/matsukuchi.html
1081 + Crawling http://www.kyodo-senpaku.co.jp./recruit/aisaka.html
1082 + Crawling http://www.kyodo-senpaku.co.jp./recruit/baba.html
1083 + Crawling http://www.kyodo-senpaku.co.jp./recruit/index.html
1084 + Searching for directories...
1085 - Found: http://www.kyodo-senpaku.co.jp./news/
1086 - Found: http://www.kyodo-senpaku.co.jp./recruit/
1087 - Found: http://www.kyodo-senpaku.co.jp./feature/
1088 - Found: http://www.kyodo-senpaku.co.jp./feature/balenine/
1089 - Found: http://www.kyodo-senpaku.co.jp./feature/restaurant/
1090 - Found: http://www.kyodo-senpaku.co.jp./js/
1091 - Found: http://www.kyodo-senpaku.co.jp./js/libs/
1092 - Found: http://www.kyodo-senpaku.co.jp./css/
1093 - Found: http://www.kyodo-senpaku.co.jp./css/default/
1094 - Found: http://www.kyodo-senpaku.co.jp./css/libs/
1095 - Found: http://www.kyodo-senpaku.co.jp./images/
1096 - Found: http://www.kyodo-senpaku.co.jp./images/common/
1097 - Found: http://www.kyodo-senpaku.co.jp./images/top/
1098 - Found: http://www.kyodo-senpaku.co.jp./images/contact/
1099 - Found: http://www.kyodo-senpaku.co.jp./images/news/
1100 - Found: http://www.kyodo-senpaku.co.jp./images/services/
1101 - Found: http://www.kyodo-senpaku.co.jp./images/corporate/
1102 - Found: http://www.kyodo-senpaku.co.jp./images/recruit/
1103 - Found: http://www.kyodo-senpaku.co.jp./images/recruit/small/
1104 - Found: http://www.kyodo-senpaku.co.jp./feature/balenine/img/
1105 - Found: http://www.kyodo-senpaku.co.jp./feature/restaurant/img/
1106 + Searching open folders...
1107 - http://www.kyodo-senpaku.co.jp./news/ (No Open Folder)
1108 - http://www.kyodo-senpaku.co.jp./recruit/ (No Open Folder)
1109 - http://www.kyodo-senpaku.co.jp./feature/ (No Open Folder)
1110 - http://www.kyodo-senpaku.co.jp./feature/balenine/ (No Open Folder)
1111 - http://www.kyodo-senpaku.co.jp./feature/restaurant/ (No Open Folder)
1112 - http://www.kyodo-senpaku.co.jp./js/ (403 Forbidden)
1113 - http://www.kyodo-senpaku.co.jp./js/libs/ (403 Forbidden)
1114 - http://www.kyodo-senpaku.co.jp./css/ (403 Forbidden)
1115 - http://www.kyodo-senpaku.co.jp./css/default/ (403 Forbidden)
1116 - http://www.kyodo-senpaku.co.jp./css/libs/ (403 Forbidden)
1117 - http://www.kyodo-senpaku.co.jp./images/ (403 Forbidden)
1118 - http://www.kyodo-senpaku.co.jp./images/common/ (403 Forbidden)
1119 - http://www.kyodo-senpaku.co.jp./images/top/ (403 Forbidden)
1120 - http://www.kyodo-senpaku.co.jp./images/contact/ (403 Forbidden)
1121 - http://www.kyodo-senpaku.co.jp./images/news/ (403 Forbidden)
1122 - http://www.kyodo-senpaku.co.jp./images/services/ (403 Forbidden)
1123 - http://www.kyodo-senpaku.co.jp./images/corporate/ (403 Forbidden)
1124 - http://www.kyodo-senpaku.co.jp./images/recruit/ (403 Forbidden)
1125 - http://www.kyodo-senpaku.co.jp./images/recruit/small/ (403 Forbidden)
1126 - http://www.kyodo-senpaku.co.jp./feature/balenine/img/ (403 Forbidden)
1127 - http://www.kyodo-senpaku.co.jp./feature/restaurant/img/ (403 Forbidden)
1128 + Crawl finished successfully.
1129----------------------------------------------------------------------
1130Summary of http://http://www.kyodo-senpaku.co.jp.
1131----------------------------------------------------------------------
1132+ Links crawled:
1133 - http://www.kyodo-senpaku.co.jp.
1134 - http://www.kyodo-senpaku.co.jp./
1135 - http://www.kyodo-senpaku.co.jp./contact.html
1136 - http://www.kyodo-senpaku.co.jp./corporate.html
1137 - http://www.kyodo-senpaku.co.jp./feature/balenine/index.html
1138 - http://www.kyodo-senpaku.co.jp./feature/restaurant/index.html
1139 - http://www.kyodo-senpaku.co.jp./index.html
1140 - http://www.kyodo-senpaku.co.jp./news/
1141 - http://www.kyodo-senpaku.co.jp./recruit/
1142 - http://www.kyodo-senpaku.co.jp./recruit/aisaka.html
1143 - http://www.kyodo-senpaku.co.jp./recruit/baba.html
1144 - http://www.kyodo-senpaku.co.jp./recruit/index.html
1145 - http://www.kyodo-senpaku.co.jp./recruit/karitsuka.html
1146 - http://www.kyodo-senpaku.co.jp./recruit/kuwaoka.html
1147 - http://www.kyodo-senpaku.co.jp./recruit/matsukuchi.html
1148 - http://www.kyodo-senpaku.co.jp./recruit/ohkoshi.html
1149 - http://www.kyodo-senpaku.co.jp./recruit/shimoda.html
1150 - http://www.kyodo-senpaku.co.jp./recruit/takedashintaro.html
1151 - http://www.kyodo-senpaku.co.jp./services.html
1152 Total links crawled: 19
1153
1154+ Links to files found:
1361 Total links to files: 206
1362
1363+ Externals links found:
 Total external links: 40

+ Email addresses found:
 Total email address found: 0

+ Directories found:
 - http://www.kyodo-senpaku.co.jp./css/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./css/default/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./css/libs/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./feature/ (No open folder)
 - http://www.kyodo-senpaku.co.jp./feature/balenine/ (No open folder)
 - http://www.kyodo-senpaku.co.jp./feature/balenine/img/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./feature/restaurant/ (No open folder)
 - http://www.kyodo-senpaku.co.jp./feature/restaurant/img/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./images/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./images/common/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./images/contact/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./images/corporate/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./images/news/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./images/recruit/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./images/recruit/small/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./images/services/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./images/top/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./js/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./js/libs/ (403 Forbidden)
 - http://www.kyodo-senpaku.co.jp./news/ (No open folder)
 - http://www.kyodo-senpaku.co.jp./recruit/ (No open folder)
 Total directories: 21

+ Directory indexing found:
 Total directories with indexing: 0

----------------------------------------------------------------------


 + URL to crawl: https://www.kyodo-senpaku.co.jp.
 + Date: 2020-01-19

 + Crawling URL: https://www.kyodo-senpaku.co.jp.:
 + Links:
 + Crawling https://www.kyodo-senpaku.co.jp. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
 + Searching for directories...
 + Searching open folders...

--Finished--
Summary information for domain kyodo-senpaku.co.jp.
-----------------------------------------

 Domain Ips Information:
 IP: 211.13.204.4
 HostName: mx.kyodo-senpaku.co.jp Type: MX
 HostName: mx.red.shared-server.net Type: PTR
 HostName: mx.kyodo-senpaku.co.jp. Type: A
 Country: Japan
 Is Active: True (reset ttl 64)
 Port: 8008/tcp open http syn-ack ttl 44
 Script Info: | fingerprint-strings:
 Script Info: | FourOhFourRequest:
 Script Info: | HTTP/1.1 302 Found
 Script Info: | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
 Script Info: | Connection: close
 Script Info: | X-Frame-Options: SAMEORIGIN
 Script Info: | X-XSS-Protection: 1; mode=block
 Script Info: | X-Content-Type-Options: nosniff
 Script Info: | Content-Security-Policy: frame-ancestors
 Script Info: | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
 Script Info: | HTTP/1.1 302 Found
 Script Info: | Location: https://:8010
 Script Info: | Connection: close
 Script Info: | X-Frame-Options: SAMEORIGIN
 Script Info: | X-XSS-Protection: 1; mode=block
 Script Info: | X-Content-Type-Options: nosniff
 Script Info: | Content-Security-Policy: frame-ancestors
 Script Info: | GetRequest:
 Script Info: | HTTP/1.1 302 Found
 Script Info: | Location: https://:8010/
 Script Info: | Connection: close
 Script Info: | X-Frame-Options: SAMEORIGIN
 Script Info: | X-XSS-Protection: 1; mode=block
 Script Info: | X-Content-Type-Options: nosniff
 Script Info: |_ Content-Security-Policy: frame-ancestors
 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
 IP: 180.222.176.193
 HostName: ns.namedserver.net Type: NS
 Country: Japan
 Is Active: True (reset ttl 64)
 IP: 211.13.204.0
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 211.13.204.2
 HostName: ftp.kyodo-senpaku.co.jp. Type: A
 Country: Japan
 Is Active: True (reset ttl 64)
 Port: 21/tcp open ftp syn-ack ttl 42 ProFTPD
 Os Info: Host: 211.13.204.2; OS: Unix
 IP: 211.13.204.5
 HostName: smtp.kyodo-senpaku.co.jp. Type: A
 HostName: pop.kyodo-senpaku.co.jp. Type: A
 HostName: mail.red.shared-server.net Type: PTR
 Country: Japan
 Is Active: True (reset ttl 64)
 Port: 110/tcp open pop3 syn-ack ttl 43 Dovecot pop3d
 Script Info: |_pop3-capabilities: PIPELINING TOP UIDL APOP AUTH-RESP-CODE STLS SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) USER CAPA RESP-CODES
 Script Info: |_ssl-date: 2020-01-19T19:27:24+00:00; -6s from scanner time.
 Port: 465/tcp open ssl/smtps? syn-ack ttl 42
 Script Info: |_smtp-commands: Couldn't establish connection on port 465
 Script Info: |_ssl-date: 2020-01-19T19:27:24+00:00; -5s from scanner time.
 Port: 587/tcp open smtp syn-ack ttl 43 Postfix smtpd
 Script Info: |_smtp-commands: m24-red.in.shared-server.net, PIPELINING, SIZE 31457280, ETRN, STARTTLS, AUTH SCRAM-SHA-1 GS2-IAKERB GS2-KRB5 GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN, AUTH=SCRAM-SHA-1 GS2-IAKERB GS2-KRB5 GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
 Script Info: |_ssl-date: 2020-01-19T19:27:25+00:00; -5s from scanner time.
 Port: 995/tcp open ssl/pop3s? syn-ack ttl 42
 Script Info: |_ssl-date: 2020-01-19T19:27:24+00:00; -5s from scanner time.
 Port: 8008/tcp open http syn-ack ttl 45
 Script Info: | fingerprint-strings:
 Script Info: | FourOhFourRequest:
 Script Info: | HTTP/1.1 302 Found
 Script Info: | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
 Script Info: | Connection: close
 Script Info: | X-Frame-Options: SAMEORIGIN
 Script Info: | X-XSS-Protection: 1; mode=block
 Script Info: | X-Content-Type-Options: nosniff
 Script Info: | Content-Security-Policy: frame-ancestors
 Script Info: | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
 Script Info: | HTTP/1.1 302 Found
 Script Info: | Location: https://:8010
 Script Info: | Connection: close
 Script Info: | X-Frame-Options: SAMEORIGIN
 Script Info: | X-XSS-Protection: 1; mode=block
 Script Info: | X-Content-Type-Options: nosniff
 Script Info: | Content-Security-Policy: frame-ancestors
 Script Info: | GetRequest:
 Script Info: | HTTP/1.1 302 Found
 Script Info: | Location: https://:8010/
 Script Info: | Connection: close
 Script Info: | X-Frame-Options: SAMEORIGIN
 Script Info: | X-XSS-Protection: 1; mode=block
 Script Info: | X-Content-Type-Options: nosniff
 Script Info: |_ Content-Security-Policy: frame-ancestors
 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
 Os Info: Host: m22-red.in.shared-server.net
 IP: 211.13.204.18
 HostName: imap.kyodo-senpaku.co.jp. Type: A
 Country: Japan
 Is Active: True (reset ttl 64)
 IP: 210.166.249.129
 HostName: ns2.namedserver.net Type: NS
 HostName: ns02.namedserver.net Type: PTR
 Country: Japan
 Is Active: True (reset ttl 64)
 Port: 53/tcp open domain syn-ack ttl 46 PowerDNS Authoritative Server 4.1.5
 Script Info: | dns-nsid:
 Script Info: | NSID: bdns801.dnsserver.jp (62646e733830312e646e737365727665722e6a70)
 Script Info: | id.server: bdns801.dnsserver.jp
 Script Info: |_ bind.version: PowerDNS Authoritative Server 4.1.5 (built Nov 19 2019 19:44:01 by root@bdns801)
 IP: 211.13.196.135
 HostName: www.kyodo-senpaku.co.jp. Type: A
 Country: Japan
 Is Active: True (reset ttl 64)
 Port: 80/tcp open http syn-ack ttl 43 Apache httpd
 Script Info: |_http-server-header: Apache
 Port: 443/tcp open ssl/http syn-ack ttl 43 Apache httpd
 Script Info: | http-methods:
 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
 Script Info: |_http-server-header: Apache
 Script Info: |_http-title: 403 Forbidden
 Script Info: | ssl-cert: Subject: commonName=sni.red.shared-server.net/organizationName=GMO CLOUD K.K./stateOrProvinceName=Tokyo/countryName=JP
 Script Info: | Issuer: commonName=sni.red.shared-server.net/organizationName=GMO CLOUD K.K./stateOrProvinceName=Tokyo/countryName=JP
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2017-04-10T02:09:25
 Script Info: | Not valid after: 2027-04-08T02:09:25
 Script Info: | MD5: 6ff1 61db 8866 391d 8e41 694d f3db eb65
 Script Info: |_SHA-1: e0d2 7df4 75e8 60fc 5f37 802b cb93 739e 0e7f 588d
 Script Info: |_ssl-date: TLS randomness does not represent time
 Script Info: | tls-alpn:
 Script Info: | h2
 Script Info: |_ http/1.1

--------------End Summary --------------
-----------------------------------------
####################################################################################################################################
traceroute to www.kyodo-senpaku.co.jp (211.13.196.135), 30 hops max, 60 byte packets
 1 10.251.204.1 (10.251.204.1) 33.701 ms 65.942 ms 65.929 ms
 2 104.245.145.177 (104.245.145.177) 65.928 ms 65.915 ms 65.901 ms
 3 te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 65.921 ms 65.915 ms 70.131 ms
 4 te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41) 65.847 ms 70.004 ms 70.041 ms
 5 te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161) 65.708 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141) 65.664 ms 65.655 ms
 6 be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225) 101.613 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233) 40.372 ms 60.662 ms
 7 be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129) 90.483 ms 90.419 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221) 90.416 ms
 8 be2766.ccr41.ord03.atlas.cogentco.com (154.54.46.178) 90.416 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18) 90.397 ms 90.379 ms
 9 ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121) 90.375 ms 90.334 ms 90.329 ms
10 ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191) 168.279 ms 168.230 ms 168.233 ms
11 ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42) 168.232 ms 168.215 ms 203.323 ms
12 ae-0.r22.sttlwa01.us.bb.gin.ntt.net (129.250.6.29) 149.223 ms 109.656 ms 149.161 ms
13 ae-13.r30.tokyjp05.jp.bb.gin.ntt.net (129.250.4.143) 213.240 ms 213.315 ms 213.209 ms
14 ae-2.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.6.127) 213.270 ms 213.222 ms 242.861 ms
15 61.120.144.210 (61.120.144.210) 213.114 ms 213.069 ms 213.062 ms
16 * IKB-CORE-GR61-TG11.mex.ad.jp (210.155.131.78) 200.858 ms IKB-CORE-GR62-TG11.mex.ad.jp (210.155.131.107) 212.916 ms
17 210.155.132.27 (210.155.132.27) 212.806 ms 209.594 ms 193.785 ms
18 IKB-CSTM-JEX15-XE-0-0-0.mex.ad.jp (210.155.137.179) 317.612 ms 273.826 ms 273.741 ms
####################################################################################################################################
----- kyodo-senpaku.co.jp -----


Host's addresses:
__________________

kyodo-senpaku.co.jp. 2982 IN A 211.13.196.135


Name Servers:
______________

ns2.namedserver.net. 81509 IN A 210.166.249.129
ns.namedserver.net. 81509 IN A 180.222.176.193


Mail (MX) Servers:
___________________

mx.kyodo-senpaku.co.jp. 3201 IN A 211.13.204.4


Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________

ftp.kyodo-senpaku.co.jp. 2959 IN A 211.13.204.2
mx.kyodo-senpaku.co.jp. 3154 IN A 211.13.204.4
pop.kyodo-senpaku.co.jp. 3183 IN A 211.13.204.5
smtp.kyodo-senpaku.co.jp. 3178 IN A 211.13.204.5
www.kyodo-senpaku.co.jp. 2539 IN A 211.13.196.135


Launching Whois Queries:
_________________________

 whois ip result: 211.13.196.0 -> 211.13.192.0/21
 c class default: 211.13.204.0 -> 211.13.204.0/24 (whois netrange operation failed)


kyodo-senpaku.co.jp___________________

 211.13.192.0/21
 211.13.204.0/24
####################################################################################################################################
WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 14:11 EST
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up (0.15s latency).
Not shown: 490 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 9.01 seconds
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 14:11 EST
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up (0.064s latency).
Not shown: 2 filtered ports
PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 3.68 seconds
#####################################################################################################################################
HTTP/1.1 403 Forbidden
Date: Sun, 19 Jan 2020 19:11:58 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
#####################################################################################################################################
wig - WebApp Information Gatherer


Scanning http://211.13.196.135...
_____________________ SITE INFO ______________________
IP Title
211.13.196.135 403 Forbidden

______________________ VERSION _______________________
Name Versions Type
Apache Platform

____________________ INTERESTING _____________________
URL Note Type
/readme.html Readme file Interesting
/install.php Installation file Interesting
/test.php Test file Interesting

______________________________________________________
Time: 32.9 sec Urls: 599 Fingerprints: 40401
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 14:13 EST
NSE: Loaded 162 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:13
Completed NSE at 14:13, 0.00s elapsed
Initiating NSE at 14:13
Completed NSE at 14:13, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 14:13
Completed Parallel DNS resolution of 1 host. at 14:13, 0.02s elapsed
Initiating SYN Stealth Scan at 14:13
Scanning sv3.isle.ne.jp (211.13.196.135) [1 port]
Discovered open port 80/tcp on 211.13.196.135
Completed SYN Stealth Scan at 14:13, 0.32s elapsed (1 total ports)
Initiating Service scan at 14:13
Scanning 1 service on sv3.isle.ne.jp (211.13.196.135)
Completed Service scan at 14:13, 6.48s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against sv3.isle.ne.jp (211.13.196.135)
Retrying OS detection (try #2) against sv3.isle.ne.jp (211.13.196.135)
Initiating Traceroute at 14:13
Completed Traceroute at 14:13, 3.14s elapsed
Initiating Parallel DNS resolution of 20 hosts. at 14:13
Completed Parallel DNS resolution of 20 hosts. at 14:13, 6.21s elapsed
NSE: Script scanning 211.13.196.135.
Initiating NSE at 14:13
NSE Timing: About 37.59% done; ETC: 14:14 (0:00:51 remaining)
NSE Timing: About 69.12% done; ETC: 14:15 (0:00:33 remaining)
Completed NSE at 14:15, 90.33s elapsed
Initiating NSE at 14:15
Completed NSE at 14:15, 8.30s elapsed
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up (0.23s latency).

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:
|_ Path "/" does not require authentication
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-server-header: Apache
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
1916| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
1917| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
1918| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
1919| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
1920| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
1921| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
1922| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
1923| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
1924| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
1925| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
1926| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
1927| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
1928| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
1929| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
1930| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
1931| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
1932| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
1933| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
1934| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
1935| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
1936| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
1937| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
1938| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
1939| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
1940| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
1941| [127007] Apache Spark Request Code Execution
1942| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
1943| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
1944| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
1945| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
1946| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
1947| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
1948| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
1949| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
1950| [126346] Apache Tomcat Path privilege escalation
1951| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
1952| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
1953| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
1954| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
1955| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
1956| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
1957| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
1958| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
1959| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
1960| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
1961| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
1962| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
1963| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
1964| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
1965| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
1966| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
1967| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
1968| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
2276| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
2277| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
2278| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
2279| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUpload denial of service
2280| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
2281| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
2282| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
2283| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
2284| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
2285| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
2286| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
2287| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
2288| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
2289| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
2290| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
2291| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
2292| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
2293| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
2294| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
2295| [103690] Apache OpenMeetings 1.0.0 sql injection
2296| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
2297| [103688] Apache OpenMeetings 1.0.0 weak encryption
2298| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
2299| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
2300| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
2301| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
2302| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
2303| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
2304| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
2305| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
2306| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
2307| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
2308| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
2309| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
2310| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
2311| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
2312| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
2313| [103352] Apache Solr Node weak authentication
2314| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
2315| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
2316| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
2317| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
2318| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
2319| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
2320| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
2321| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
2322| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
2323| [102536] Apache Ranger up to 0.6 Stored cross site scripting
2324| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
2325| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
2326| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
2327| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
2328| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
2329| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
2330| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
2331| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
2332| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
2333| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
2334| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
2335| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
2336| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
2337| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
2338| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
2339| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
2340| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
2341| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
2342| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
2343| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
2344| [99937] Apache Batik up to 1.8 privilege escalation
2345| [99936] Apache FOP up to 2.1 privilege escalation
2346| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
2347| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
2348| [99930] Apache Traffic Server up to 6.2.0 denial of service
2349| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
2350| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
2351| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
2352| [117569] Apache Hadoop up to 2.7.3 privilege escalation
2353| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
2354| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
2355| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
2356| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
2357| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
2358| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
2359| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
2360| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
2361| [99014] Apache Camel Jackson/JacksonXML privilege escalation
2362| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2363| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
2364| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2365| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
2366| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
2367| [98605] Apple macOS up to 10.12.3 Apache denial of service
2368| [98604] Apple macOS up to 10.12.3 Apache denial of service
2369| [98603] Apple macOS up to 10.12.3 Apache denial of service
2370| [98602] Apple macOS up to 10.12.3 Apache denial of service
2371| [98601] Apple macOS up to 10.12.3 Apache denial of service
2372| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
2373| [98405] Apache Hadoop up to 0.23.10 privilege escalation
2374| [98199] Apache Camel Validation XML External Entity
2375| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
2376| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
2377| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
2378| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
2379| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
2380| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
2381| [97081] Apache Tomcat HTTPS Request denial of service
2382| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
2383| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
2384| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
2385| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
2386| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
2387| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
2388| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
2389| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
2390| [95311] Apache Storm UI Daemon privilege escalation
2391| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
2392| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
2393| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
2394| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
2395| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
2396| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
2397| [94540] Apache Tika 1.9 tika-server File information disclosure
2398| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
2399| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
2400| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
2401| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
2402| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
2403| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
2404| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2405| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2406| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
2407| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
2408| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
2409| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
2410| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
2411| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
2412| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2413| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2414| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
2415| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
2416| [93532] Apache Commons Collections Library Java privilege escalation
2417| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
2418| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
2419| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
2420| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
2421| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
2422| [93098] Apache Commons FileUpload privilege escalation
2423| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
2424| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
2425| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
2426| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
2427| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
2428| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
2429| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
2430| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
2431| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
2432| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
2433| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
2434| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
2435| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
2436| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
2437| [92549] Apache Tomcat on Red Hat privilege escalation
2438| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
2439| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
2440| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
2441| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
2442| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
2443| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
2444| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
2445| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
2446| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
2447| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
2448| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
2449| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
2450| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
2451| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
2452| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
2453| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
2454| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
2455| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
2456| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
2457| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
2458| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
2459| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
2460| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
2461| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
2462| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
2463| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
2464| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
2465| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
2466| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
2467| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
2468| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
2469| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
2470| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
2471| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
2472| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
2473| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
2474| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
2475| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
2476| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
2477| [90263] Apache Archiva Header denial of service
2478| [90262] Apache Archiva Deserialize privilege escalation
2479| [90261] Apache Archiva XML DTD Connection privilege escalation
2480| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
2481| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
2482| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
2483| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
2484| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2485| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2486| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
2487| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
2488| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
2489| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
2490| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
2491| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
2492| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
2493| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
2494| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
2495| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
2496| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
2497| [87765] Apache James Server 2.3.2 Command privilege escalation
2498| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
2499| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
2500| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
2501| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
2502| [87703] Apache Qpid Java up to 6.0.2 PlainSaslServer.java denial of service
2503| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
2504| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
2505| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
2506| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
2507| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2508| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2509| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
2510| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
2511| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
2512| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2513| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2514| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
2515| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
2516| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
2517| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
2518| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
2519| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
2520| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
2521| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
2522| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
2523| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
2524| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
2525| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
2526| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
2527| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
2528| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
2529| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
2530| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
2531| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
2532| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
2533| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
2534| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
2535| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
2536| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
2537| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
2538| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
2539| [82076] Apache Ranger up to 0.5.1 privilege escalation
2540| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
2541| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
2542| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
2543| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
2544| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
2545| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
2546| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
2547| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
2548| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
2549| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
2550| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
2551| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
2552| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
2553| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
2554| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
2555| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
2556| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
2557| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
2558| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
2559| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
2560| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
2561| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
2562| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
2563| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
2564| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
2565| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
2566| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
2567| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
2568| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
2569| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
2570| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
2571| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
2572| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
2573| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
2574| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
2575| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
2576| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
2577| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
2578| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
2579| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
2580| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
2581| [79791] Cisco Products Apache Commons Collections Library privilege escalation
2582| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
2583| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
2584| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
2585| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
2586| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
2587| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
2588| [78989] Apache Ambari up to 2.1.1 Open Redirect
2589| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
2590| [78987] Apache Ambari up to 2.0.x cross site scripting
2591| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
2592| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
2593| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
2594| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2595| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2596| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2597| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2598| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2599| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
2600| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
3064| [33876] Apache Open For Business Project unknown vulnerability
3065| [33875] Apache Open For Business Project cross site scripting
3066| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
3067| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
3068|
3069| MITRE CVE - https://cve.mitre.org:
3070| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
3071| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
3072| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
3073| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
3074| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
3075| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
3076| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
3077| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
3078| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
3079| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
3080| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
3081| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
3082| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
3083| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
3084| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
3085| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
3086| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
3087| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
3088| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
3089| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
3090| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
3091| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
3092| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
3093| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
3094| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
3095| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
3096| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
3097| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
3098| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
3099| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
3100| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3101| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
3102| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
3103| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
3104| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
3105| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
3106| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
3107| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
3108| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
3109| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
3110| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
3111| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3112| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3113| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3114| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3115| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
3116| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
3117| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
3118| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
3119| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
3120| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
3121| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
3122| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
3123| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
3124| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
3125| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
3126| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
3127| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
3128| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
3129| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
3130| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
3131| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
3132| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
3133| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
3134| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3135| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
3136| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
3137| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
3138| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
3139| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
3140| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
3141| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
3142| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
3143| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
3144| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
3145| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
3146| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
3147| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
3148| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
3149| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
3150| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
3151| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
3152| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
3153| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
3154| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
3155| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
3156| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
3157| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
3158| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
3159| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
3160| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
3161| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
3162| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
3163| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
3164| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
3165| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
3166| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
3167| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
3168| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
3169| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
3170| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
3171| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
3172| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
3173| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
3174| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
3175| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
3176| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
3177| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
3178| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
3179| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
3180| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
3181| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
3182| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
3183| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
3184| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
3185| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
3186| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
3187| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
3188| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
3189| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
3190| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
3191| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
3192| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
3193| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
3194| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3195| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3196| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
3197| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
3198| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
3199| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
3200| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
3201| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
3202| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
3203| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
3204| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
3205| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
3206| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
3207| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
3208| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
3209| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
3210| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
3211| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
3212| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
3213| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
3214| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
3215| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
3216| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
3217| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
3218| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
3219| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
3220| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
3221| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
3222| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
3223| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
3224| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
3225| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
3226| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
3227| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
3228| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
3229| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
3230| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
3231| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
3232| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
3233| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3234| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
3235| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
3236| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
3237| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
3238| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
3239| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
3240| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
3241| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
3242| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
3243| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
3244| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
3245| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
3246| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
3247| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
3248| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
3249| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3250| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
3251| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
3252| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
3253| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
3254| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
3255| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
3256| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
3257| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
3258| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
3259| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
3260| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
3261| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
3262| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
3263| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
3264| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
3265| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
3266| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
3267| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
3268| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
3269| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
3270| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
3271| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
3272| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
3273| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
3274| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
3275| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
3276| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
3277| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
3278| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
3279| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
3280| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
3281| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
3282| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
3283| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
3284| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
3285| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
3286| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
3287| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
3288| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
3289| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
3290| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3291| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
3292| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
3293| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
3294| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
3295| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
3296| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
3297| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
3298| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
3299| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
3300| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
3301| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
3302| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
3303| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
3304| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
3305| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
3306| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
3307| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
3308| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
3309| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
3310| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
3311| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
3312| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
3313| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
3314| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
3315| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
3316| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
3317| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
3318| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
3319| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
3320| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
3321| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
3322| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
3323| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
3324| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
3325| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
3326| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
3327| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
3328| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
3329| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
3330| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
3331| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
3332| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
3333| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
3334| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
3335| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
3336| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
3337| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
3338| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
3339| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
3340| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
3341| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
3342| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
3343| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
3344| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
3345| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
3346| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
3347| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
3348| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1 uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
3349| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
3350| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
3351| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
3352| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
3353| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
3354| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
3355| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
3356| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
3357| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
3358| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
3359| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
3360| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
3361| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
3362| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
3363| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3364| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3365| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
3366| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
3367| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
3368| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
3369| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
3370| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
3371| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
3372| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
3373| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
3374| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
3375| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3376| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3377| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
3378| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
3379| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
3380| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3381| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
3382| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
3383| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
3384| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
3385| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
3386| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
3387| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
3388| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
3389| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3390| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
3391| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
3392| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
3393| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
3394| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3395| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3396| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3397| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3398| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3399| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3400| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3401| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3402| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3403| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3404| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3405| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3406| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3407| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3408| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3409| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3410| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3411| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3412| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3413| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3414| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3415| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3416| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3417| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3418| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3419| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3420| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3421| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3422| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3423| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3424| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3425| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3426| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3427| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3428| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3429| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3430| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3431| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3432| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3433| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3434| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3435| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3436| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3437| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3438| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3439| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3440| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3441| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3442| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3443| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3444| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3445| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3446| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
3447| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3448| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3449| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3450| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3451| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3452| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3453| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3454| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3455| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3456| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3457| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3458| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3459| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3460| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3461| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3462| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3463| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3464| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3465| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3466| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3467| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3468| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3469| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3470| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3471| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3472| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3473| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3474| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3475| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3476| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3477| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3478| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3479| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3480| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3481| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3482| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3483| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3484| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3485| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3486| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3487| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3488| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3489| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3490| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3491| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
3492| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3493| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
3494| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
3495| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
3496| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
3497| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
3498| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
3499| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
3500| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
3501| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
3502| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
3503| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
3504| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
3505| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
3506| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
3507| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
3508| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
3509| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
3510| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3511| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
3512| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3513| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3514| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3515| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
3516| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
3517| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
3518| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
3519| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
3520| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
3521| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
3522| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
3523| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
3524| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
3525| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3526| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3527| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3528| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3529| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3530| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3531| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3532| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3533| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3534| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3535| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3536| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3537| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3538| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3539| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3540| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3541| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3542| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3543| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3544| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3545| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3546| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3547| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3548| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3549| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3550| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3551| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3552| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3553| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3554| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3555| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3556| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3557| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3558| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3559| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3560| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3561| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3562| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3563| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
3564| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3565| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3566| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3567| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3568| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
3569| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
3570| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
3571| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
3572| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
3573| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
3574| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
3575| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
3576| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
3577| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
3578| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
3579| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
3580| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
3581| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
3582| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
3583| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
3584| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
3585| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
3586| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
3587| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
3588| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
3589| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
3590| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
3591| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
3592| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
3593| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
3594| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
3595| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
3596| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
3597| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
3598| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
3599| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3600| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
3601| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
3602| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
3603| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
3604| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3605| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3606| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3607| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3608| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3609| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3610| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3611| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3612| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3613| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3614| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3615| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3616| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3617| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3618| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3619| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3620| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3621| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3622| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3623| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3624| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3625| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3626| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3627| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3628| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3629| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3630| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3631| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3632| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3633| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3634| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3635| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3636| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3637| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3638| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3639| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3640| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3641| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3642| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3643| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3644| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3645| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3646| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3647| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3648| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3649| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3650| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3651| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3652| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3653| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3654| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
3655| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3656| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3657| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3658| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3659| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3660| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
3661| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3662| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3663| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3664| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3665| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3666| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3667| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3668| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3669| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3670| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3671| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3672| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3673| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3674| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3675| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3676| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3677| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3678| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3679|
3680| SecurityFocus - https://www.securityfocus.com/bid/:
3681| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3682| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3683| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3684| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3685| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3686| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3687| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3688| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3689| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3690| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3691| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3692| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3693| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3694| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3695| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3696| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3697| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3698| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3699| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3700| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3701| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3702| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3703| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3704| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3705| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3706| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3707| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3708| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3709| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3710| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3711| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3712| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3713| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3714| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3715| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
3716| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
3717| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
3718| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
3719| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
3720| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
3721| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
3722| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
3723| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
3724| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
3725| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
3726| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
3727| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
3728| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
3729| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
3730| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
3731| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
3732| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
3733| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
3734| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
3735| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
3736| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
3737| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
3738| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
3739| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
3740| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
3741| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
3742| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
3743| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
3744| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
3745| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
3746| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
3747| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
3748| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
3749| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
3750| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
3751| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
3752| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
3753| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
3754| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
3755| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
3756| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
3757| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
3758| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
3759| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
3760| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
3761| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
3762| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
3763| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
3764| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
3765| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
3766| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
3767| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
3768| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
3769| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
3770| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
3771| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
3772| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
3773| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
3774| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
3775| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
3776| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
3777| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
3778| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
3779| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
3780| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
3781| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
3782| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
3783| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
3784| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
3785| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
3786| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
3787| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
3788| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
3789| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
3790| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
3791| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
3792| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
3793| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
3794| [100447] Apache2Triad Multiple Security Vulnerabilities
3795| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
3796| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
3797| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
3798| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
3799| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
3800| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
3801| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
3802| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
3803| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
3804| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
3805| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
3806| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
3807| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
3808| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
3809| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
3810| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
3811| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
3812| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
3813| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
3814| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
3815| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
3816| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
3817| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
3818| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
3819| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
3820| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
3821| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
3822| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
3823| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
3824| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
3825| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
3826| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
3827| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
3828| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
3829| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
3830| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
3831| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
3832| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
3833| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
3834| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
3835| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
3836| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
3837| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
3838| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
3839| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
3840| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
3841| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
3842| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
3843| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
3844| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
3845| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
3846| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
3847| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
3848| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
3849| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
3850| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
3851| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
3852| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
3853| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
3854| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
3855| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
3856| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
3857| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
3858| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
3859| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
3860| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
3861| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
3862| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
3863| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
3864| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
3865| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
3866| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
3867| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
3868| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
3869| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
3870| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
3871| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
3872| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
3873| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
3874| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
3875| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
3876| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
3877| [95675] Apache Struts Remote Code Execution Vulnerability
3878| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
3879| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
3880| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
3881| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
3882| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
3883| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
3884| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
3885| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
3886| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
3887| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
3888| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
3889| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
3890| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
3891| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
3892| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
3893| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
3894| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
3895| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
3896| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
3897| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
3898| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
3899| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
3900| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
3901| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
3902| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
3903| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
3904| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
3905| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
3906| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
3907| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
3908| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
3909| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
3910| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
3911| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
3912| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
3913| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
3914| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
3915| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
3916| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
3917| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
3918| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
3919| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
3920| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
3921| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
3922| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
3923| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
3924| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
3925| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
3926| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
3927| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
3928| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
3929| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
3930| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
3931| [91736] Apache XML-RPC Multiple Security Vulnerabilities
3932| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
3933| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
3934| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
3935| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
3936| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
3937| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
3938| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
3939| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
3940| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
3941| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
3942| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
3943| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
3944| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
3945| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
3946| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
3947| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
3948| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
3949| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
3950| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
3951| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
3952| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
3953| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
3954| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
3955| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
3956| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
3957| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
3958| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
3959| [90482] Apache CVE-2004-1387 Local Security Vulnerability
3960| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
3961| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
3962| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
3963| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
3964| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
3965| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
3966| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
3967| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
3968| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
3969| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
3970| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
3971| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
3972| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
3973| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
3974| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
3975| [86399] Apache CVE-2007-1743 Local Security Vulnerability
3976| [86397] Apache CVE-2007-1742 Local Security Vulnerability
3977| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
3978| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
3979| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
3980| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
3981| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
3982| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
3983| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
3984| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
3985| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
3986| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
3987| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
3988| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
3989| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
3990| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
3991| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
3992| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
3993| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
3994| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
3995| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
3996| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
3997| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
3998| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
3999| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
4000| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
4001| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
4002| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
4003| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
4004| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
4005| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
4006| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
4007| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
4008| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
4009| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
4010| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
4011| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
4012| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
4013| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
4014| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
4015| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
4016| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
4017| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
4018| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
4019| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
4020| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
4021| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
4022| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
4023| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
4024| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
4025| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
4026| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
4027| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
4028| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
4029| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
4030| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
4031| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
4032| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
4033| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
4034| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
4035| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
4036| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
4037| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
4038| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
4039| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
4040| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
4041| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
4042| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
4043| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
4044| [76933] Apache James Server Unspecified Command Execution Vulnerability
4045| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
4046| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
4047| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
4048| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
4049| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
4050| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
4451| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
4452| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
4453| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
4454| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4455| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
4456| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
4457| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
4458| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
4459| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
4460| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
4461| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
4462| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
4463| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
4464| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
4465| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
4466| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
4467| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
4468| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
4469| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
4470| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
4471| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
4472| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
4473| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
4474| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
4475| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
4476| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
4477| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
4478| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4479| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
4480| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
4481| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
4482| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
4483| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
4484| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
4485| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
4486| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
4487| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
4488| [20527] Apache Mod_TCL Remote Format String Vulnerability
4489| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
4490| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
4491| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
4492| [19106] Apache Tomcat Information Disclosure Vulnerability
4493| [18138] Apache James SMTP Denial Of Service Vulnerability
4494| [17342] Apache Struts Multiple Remote Vulnerabilities
4495| [17095] Apache Log4Net Denial Of Service Vulnerability
4496| [16916] Apache mod_python FileSession Code Execution Vulnerability
4497| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
4498| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
4499| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
4500| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
4501| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
4502| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
4503| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
4504| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
4505| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4506| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
4507| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
4508| [15177] PHP Apache 2 Local Denial of Service Vulnerability
4509| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
4510| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
4511| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
4512| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
4513| [14106] Apache HTTP Request Smuggling Vulnerability
4514| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
4515| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
4516| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
4517| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
4518| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
4519| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
4520| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
4521| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
4522| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
4523| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
4524| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
4525| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
4526| [11471] Apache mod_include Local Buffer Overflow Vulnerability
4527| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
4528| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
4529| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
4530| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
4531| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4532| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
4533| [11094] Apache mod_ssl Denial Of Service Vulnerability
4534| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
4535| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
4536| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
4537| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
4538| [10478] ClueCentral Apache Suexec Patch Security Weakness
4539| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
4540| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
4541| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
4542| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
4543| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4544| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4545| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4546| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4547| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4548| [9733] Apache Cygwin Directory Traversal Vulnerability
4549| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4550| [9590] Apache-SSL Client Certificate Forging Vulnerability
4551| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4552| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4553| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4554| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4555| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4556| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4557| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4558| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4559| [8898] Red Hat Apache Directory Index Default Configuration Error
4560| [8883] Apache Cocoon Directory Traversal Vulnerability
4561| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4562| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4563| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4564| [8707] Apache htpasswd Password Entropy Weakness
4565| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4566| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4567| [8226] Apache HTTP Server Multiple Vulnerabilities
4568| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4569| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4570| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4571| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4572| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4573| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4574| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4575| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4576| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4577| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4578| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4579| [7255] Apache Web Server File Descriptor Leakage Vulnerability
4580| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4581| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
4582| [6939] Apache Web Server ETag Header Information Disclosure Weakness
4583| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
4584| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
4585| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
4586| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
4587| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
4588| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
4589| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
4590| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
4591| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
4592| [6117] Apache mod_php File Descriptor Leakage Vulnerability
4593| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
4594| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
4595| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
4596| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
4597| [5992] Apache HTDigest Insecure Temporary File Vulnerability
4598| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
4599| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
4600| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
4601| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
4602| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
4603| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4604| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
4605| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
4606| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
4607| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
4608| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
4609| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
4610| [5485] Apache 2.0 Path Disclosure Vulnerability
4611| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
4612| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
4613| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
4614| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
4615| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
4616| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
4617| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
4618| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
4619| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
4620| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
4621| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
4622| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
4623| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
4624| [4437] Apache Error Message Cross-Site Scripting Vulnerability
4625| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
4626| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
4627| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
4628| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
4629| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
4630| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
4631| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
4632| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
4633| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
4634| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
4635| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
4636| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
4637| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
4638| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
4639| [3596] Apache Split-Logfile File Append Vulnerability
4640| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
4641| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
4642| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
4643| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
4644| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
4645| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
4646| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
4647| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
4648| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
4649| [3169] Apache Server Address Disclosure Vulnerability
4650| [3009] Apache Possible Directory Index Disclosure Vulnerability
4651| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
4652| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
4653| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
4654| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
4655| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
4656| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
4657| [2216] Apache Web Server DoS Vulnerability
4658| [2182] Apache /tmp File Race Vulnerability
4659| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
4660| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
4661| [1821] Apache mod_cookies Buffer Overflow Vulnerability
4662| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
4663| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
4664| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
4665| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
4666| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
4667| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
4668| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
4669| [1457] Apache::ASP source.asp Example Script Vulnerability
4670| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
4671| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
4672|
4673| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4674| [86258] Apache CloudStack text fields cross-site scripting
4675| [85983] Apache Subversion mod_dav_svn module denial of service
4676| [85875] Apache OFBiz UEL code execution
4677| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
4678| [85871] Apache HTTP Server mod_session_dbd unspecified
4679| [85756] Apache Struts OGNL expression command execution
4680| [85755] Apache Struts DefaultActionMapper class open redirect
4681| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
4682| [85574] Apache HTTP Server mod_dav denial of service
4683| [85573] Apache Struts Showcase App OGNL code execution
4684| [85496] Apache CXF denial of service
4685| [85423] Apache Geronimo RMI classloader code execution
4686| [85326] Apache Santuario XML Security for C++ buffer overflow
4687| [85323] Apache Santuario XML Security for Java spoofing
4688| [85319] Apache Qpid Python client SSL spoofing
4689| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
4690| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
4691| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
4692| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
4693| [84952] Apache Tomcat CVE-2012-3544 denial of service
4694| [84763] Apache Struts CVE-2013-2135 security bypass
4695| [84762] Apache Struts CVE-2013-2134 security bypass
4696| [84719] Apache Subversion CVE-2013-2088 command execution
4697| [84718] Apache Subversion CVE-2013-2112 denial of service
4698| [84717] Apache Subversion CVE-2013-1968 denial of service
4699| [84577] Apache Tomcat security bypass
4700| [84576] Apache Tomcat symlink
4701| [84543] Apache Struts CVE-2013-2115 security bypass
4702| [84542] Apache Struts CVE-2013-1966 security bypass
4703| [84154] Apache Tomcat session hijacking
4704| [84144] Apache Tomcat denial of service
4705| [84143] Apache Tomcat information disclosure
4706| [84111] Apache HTTP Server command execution
4707| [84043] Apache Virtual Computing Lab cross-site scripting
4708| [84042] Apache Virtual Computing Lab cross-site scripting
4709| [83782] Apache CloudStack information disclosure
4710| [83781] Apache CloudStack security bypass
4711| [83720] Apache ActiveMQ cross-site scripting
4712| [83719] Apache ActiveMQ denial of service
4713| [83718] Apache ActiveMQ denial of service
4714| [83263] Apache Subversion denial of service
4715| [83262] Apache Subversion denial of service
4716| [83261] Apache Subversion denial of service
4717| [83259] Apache Subversion denial of service
4718| [83035] Apache mod_ruid2 security bypass
4719| [82852] Apache Qpid federation_tag security bypass
4720| [82851] Apache Qpid qpid::framing::Buffer denial of service
4721| [82758] Apache Rave User RPC API information disclosure
4722| [82663] Apache Subversion svn_fs_file_length() denial of service
4723| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
4724| [82641] Apache Qpid AMQP denial of service
4725| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
4726| [82618] Apache Commons FileUpload symlink
4727| [82360] Apache HTTP Server manager interface cross-site scripting
4728| [82359] Apache HTTP Server hostnames cross-site scripting
4729| [82338] Apache Tomcat log/logdir information disclosure
4730| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
4731| [82268] Apache OpenJPA deserialization command execution
4732| [81981] Apache CXF UsernameTokens security bypass
4733| [81980] Apache CXF WS-Security security bypass
4734| [81398] Apache OFBiz cross-site scripting
4735| [81240] Apache CouchDB directory traversal
4736| [81226] Apache CouchDB JSONP code execution
4737| [81225] Apache CouchDB Futon user interface cross-site scripting
4738| [81211] Apache Axis2/C SSL spoofing
4739| [81167] Apache CloudStack DeployVM information disclosure
4740| [81166] Apache CloudStack AddHost API information disclosure
4741| [81165] Apache CloudStack createSSHKeyPair API information disclosure
4742| [80518] Apache Tomcat cross-site request forgery security bypass
4743| [80517] Apache Tomcat FormAuthenticator security bypass
4744| [80516] Apache Tomcat NIO denial of service
4745| [80408] Apache Tomcat replay-countermeasure security bypass
4746| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
4747| [80317] Apache Tomcat slowloris denial of service
4748| [79984] Apache Commons HttpClient SSL spoofing
4749| [79983] Apache CXF SSL spoofing
4750| [79830] Apache Axis2/Java SSL spoofing
4751| [79829] Apache Axis SSL spoofing
4752| [79809] Apache Tomcat DIGEST security bypass
4753| [79806] Apache Tomcat parseHeaders() denial of service
4754| [79540] Apache OFBiz unspecified
4755| [79487] Apache Axis2 SAML security bypass
4756| [79212] Apache Cloudstack code execution
4757| [78734] Apache CXF SOAP Action security bypass
4758| [78730] Apache Qpid broker denial of service
4759| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
4760| [78563] Apache mod_pagespeed module unspecified cross-site scripting
4761| [78562] Apache mod_pagespeed module security bypass
4762| [78454] Apache Axis2 security bypass
4763| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
4764| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
4765| [78321] Apache Wicket unspecified cross-site scripting
4766| [78183] Apache Struts parameters denial of service
4767| [78182] Apache Struts cross-site request forgery
4768| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
4769| [77987] mod_rpaf module for Apache denial of service
4770| [77958] Apache Struts skill name code execution
4771| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
4772| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
4773| [77568] Apache Qpid broker security bypass
4774| [77421] Apache Libcloud spoofing
4775| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
4776| [77046] Oracle Solaris Apache HTTP Server information disclosure
4777| [76837] Apache Hadoop information disclosure
4778| [76802] Apache Sling CopyFrom denial of service
4779| [76692] Apache Hadoop symlink
4780| [76535] Apache Roller console cross-site request forgery
4781| [76534] Apache Roller weblog cross-site scripting
4782| [76152] Apache CXF elements security bypass
4783| [76151] Apache CXF child policies security bypass
4784| [75983] MapServer for Windows Apache file include
4785| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
4786| [75558] Apache POI denial of service
4787| [75545] PHP apache_request_headers() buffer overflow
4788| [75302] Apache Qpid SASL security bypass
4789| [75211] Debian GNU/Linux apache 2 cross-site scripting
4790| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
4791| [74871] Apache OFBiz FlexibleStringExpander code execution
4792| [74870] Apache OFBiz multiple cross-site scripting
4793| [74750] Apache Hadoop unspecified spoofing
4794| [74319] Apache Struts XSLTResult.java file upload
4795| [74313] Apache Traffic Server header buffer overflow
4796| [74276] Apache Wicket directory traversal
4797| [74273] Apache Wicket unspecified cross-site scripting
4798| [74181] Apache HTTP Server mod_fcgid module denial of service
4799| [73690] Apache Struts OGNL code execution
4800| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
4801| [73100] Apache MyFaces in directory traversal
4802| [73096] Apache APR hash denial of service
4803| [73052] Apache Struts name cross-site scripting
4804| [73030] Apache CXF UsernameToken security bypass
4805| [72888] Apache Struts lastName cross-site scripting
4806| [72758] Apache HTTP Server httpOnly information disclosure
4807| [72757] Apache HTTP Server MPM denial of service
4808| [72585] Apache Struts ParameterInterceptor security bypass
4809| [72438] Apache Tomcat Digest security bypass
4810| [72437] Apache Tomcat Digest security bypass
4811| [72436] Apache Tomcat DIGEST security bypass
4812| [72425] Apache Tomcat parameter denial of service
4813| [72422] Apache Tomcat request object information disclosure
4814| [72377] Apache HTTP Server scoreboard security bypass
4815| [72345] Apache HTTP Server HTTP request denial of service
4816| [72229] Apache Struts ExceptionDelegator command execution
4817| [72089] Apache Struts ParameterInterceptor directory traversal
4818| [72088] Apache Struts CookieInterceptor command execution
4819| [72047] Apache Geronimo hash denial of service
4820| [72016] Apache Tomcat hash denial of service
4821| [71711] Apache Struts OGNL expression code execution
4822| [71654] Apache Struts interfaces security bypass
4823| [71620] Apache ActiveMQ failover denial of service
4824| [71617] Apache HTTP Server mod_proxy module information disclosure
4825| [71508] Apache MyFaces EL security bypass
4826| [71445] Apache HTTP Server mod_proxy security bypass
4827| [71203] Apache Tomcat servlets privilege escalation
4828| [71181] Apache HTTP Server ap_pregsub() denial of service
4829| [71093] Apache HTTP Server ap_pregsub() buffer overflow
4830| [70336] Apache HTTP Server mod_proxy information disclosure
4831| [69804] Apache HTTP Server mod_proxy_ajp denial of service
4832| [69472] Apache Tomcat AJP security bypass
4833| [69396] Apache HTTP Server ByteRange filter denial of service
4834| [69394] Apache Wicket multi window support cross-site scripting
4835| [69176] Apache Tomcat XML information disclosure
4836| [69161] Apache Tomcat jsvc information disclosure
4837| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
4838| [68541] Apache Tomcat sendfile information disclosure
4839| [68420] Apache XML Security denial of service
4840| [68238] Apache Tomcat JMX information disclosure
4841| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
4842| [67804] Apache Subversion control rules information disclosure
4843| [67803] Apache Subversion control rules denial of service
4844| [67802] Apache Subversion baselined denial of service
4845| [67672] Apache Archiva multiple cross-site scripting
4846| [67671] Apache Archiva multiple cross-site request forgery
4847| [67564] Apache APR apr_fnmatch() denial of service
4848| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
4849| [67515] Apache Tomcat annotations security bypass
4850| [67480] Apache Struts s:submit information disclosure
4851| [67414] Apache APR apr_fnmatch() denial of service
4852| [67356] Apache Struts javatemplates cross-site scripting
4853| [67354] Apache Struts Xwork cross-site scripting
4854| [66676] Apache Tomcat HTTP BIO information disclosure
4855| [66675] Apache Tomcat web.xml security bypass
4856| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
4857| [66241] Apache HttpComponents information disclosure
4858| [66154] Apache Tomcat ServletSecurity security bypass
4859| [65971] Apache Tomcat ServletSecurity security bypass
4860| [65876] Apache Subversion mod_dav_svn denial of service
4861| [65343] Apache Continuum unspecified cross-site scripting
4862| [65162] Apache Tomcat NIO connector denial of service
4863| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
4864| [65160] Apache Tomcat HTML Manager interface cross-site scripting
4865| [65159] Apache Tomcat ServletContect security bypass
4866| [65050] Apache CouchDB web-based administration UI cross-site scripting
4867| [64773] Oracle HTTP Server Apache Plugin unauthorized access
4868| [64473] Apache Subversion blame -g denial of service
4869| [64472] Apache Subversion walk() denial of service
4870| [64407] Apache Axis2 CVE-2010-0219 code execution
4871| [63926] Apache Archiva password privilege escalation
4872| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
4873| [63493] Apache Archiva credentials cross-site request forgery
4874| [63477] Apache Tomcat HttpOnly session hijacking
4875| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
4876| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
4877| [62959] Apache Shiro filters security bypass
4878| [62790] Apache Perl cgi module denial of service
4879| [62576] Apache Qpid exchange denial of service
4880| [62575] Apache Qpid AMQP denial of service
4881| [62354] Apache Qpid SSL denial of service
4882| [62235] Apache APR-util apr_brigade_split_line() denial of service
4883| [62181] Apache XML-RPC SAX Parser information disclosure
4884| [61721] Apache Traffic Server cache poisoning
4885| [61202] Apache Derby BUILTIN authentication functionality information disclosure
4886| [61186] Apache CouchDB Futon cross-site request forgery
4887| [61169] Apache CXF DTD denial of service
4888| [61070] Apache Jackrabbit search.jsp SQL injection
4889| [61006] Apache SLMS Quoting cross-site request forgery
4890| [60962] Apache Tomcat time cross-site scripting
4891| [60883] Apache mod_proxy_http information disclosure
4892| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
4893| [60264] Apache Tomcat Transfer-Encoding denial of service
4894| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
4895| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
4896| [59413] Apache mod_proxy_http timeout information disclosure
4897| [59058] Apache MyFaces unencrypted view state cross-site scripting
4898| [58827] Apache Axis2 xsd file include
4899| [58790] Apache Axis2 modules cross-site scripting
4900| [58299] Apache ActiveMQ queueBrowse cross-site scripting
4901| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
4902| [58056] Apache ActiveMQ .jsp source code disclosure
4903| [58055] Apache Tomcat realm name information disclosure
4904| [58046] Apache HTTP Server mod_auth_shadow security bypass
4905| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
4906| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
4907| [57429] Apache CouchDB algorithms information disclosure
4908| [57398] Apache ActiveMQ Web console cross-site request forgery
4909| [57397] Apache ActiveMQ createDestination.action cross-site scripting
4910| [56653] Apache HTTP Server DNS spoofing
4911| [56652] Apache HTTP Server DNS cross-site scripting
4912| [56625] Apache HTTP Server request header information disclosure
4913| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
4914| [56623] Apache HTTP Server mod_proxy_ajp denial of service
4915| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
4916| [55857] Apache Tomcat WAR files directory traversal
4917| [55856] Apache Tomcat autoDeploy attribute security bypass
4918| [55855] Apache Tomcat WAR directory traversal
4919| [55210] Intuit component for Joomla! Apache information disclosure
4920| [54533] Apache Tomcat 404 error page cross-site scripting
4921| [54182] Apache Tomcat admin default password
4922| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
4923| [53666] Apache HTTP Server Solaris pollset support denial of service
4924| [53650] Apache HTTP Server HTTP basic-auth module security bypass
4925| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
4926| [53041] mod_proxy_ftp module for Apache denial of service
4927| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
4928| [51953] Apache Tomcat Path Disclosure
4929| [51952] Apache Tomcat Path Traversal
4930| [51951] Apache stronghold-status Information Disclosure
4931| [51950] Apache stronghold-info Information Disclosure
4932| [51949] Apache PHP Source Code Disclosure
4933| [51948] Apache Multiviews Attack
4934| [51946] Apache JServ Environment Status Information Disclosure
4935| [51945] Apache error_log Information Disclosure
4936| [51944] Apache Default Installation Page Pattern Found
4937| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
4938| [51942] Apache AXIS XML External Entity File Retrieval
4939| [51941] Apache AXIS Sample Servlet Information Leak
4940| [51940] Apache access_log Information Disclosure
4941| [51626] Apache mod_deflate denial of service
4942| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
4943| [51365] Apache Tomcat RequestDispatcher security bypass
4944| [51273] Apache HTTP Server Incomplete Request denial of service
4945| [51195] Apache Tomcat XML information disclosure
4946| [50994] Apache APR-util xml/apr_xml.c denial of service
4947| [50993] Apache APR-util apr_brigade_vprintf denial of service
4948| [50964] Apache APR-util apr_strmatch_precompile() denial of service
4949| [50930] Apache Tomcat j_security_check information disclosure
4950| [50928] Apache Tomcat AJP denial of service
4951| [50884] Apache HTTP Server XML ENTITY denial of service
4952| [50808] Apache HTTP Server AllowOverride privilege escalation
4953| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
4954| [50059] Apache mod_proxy_ajp information disclosure
4955| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
4956| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
4957| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
4958| [49921] Apache ActiveMQ Web interface cross-site scripting
4959| [49898] Apache Geronimo Services/Repository directory traversal
4960| [49725] Apache Tomcat mod_jk module information disclosure
4961| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
4962| [49712] Apache Struts unspecified cross-site scripting
4963| [49213] Apache Tomcat cal2.jsp cross-site scripting
4964| [48934] Apache Tomcat POST doRead method information disclosure
4965| [48211] Apache Tomcat header HTTP request smuggling
4966| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
4967| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
4968| [47709] Apache Roller "
4969| [47104] Novell Netware ApacheAdmin console security bypass
4970| [47086] Apache HTTP Server OS fingerprinting unspecified
4971| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
4972| [45791] Apache Tomcat RemoteFilterValve security bypass
4973| [44435] Oracle WebLogic Apache Connector buffer overflow
4974| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
4975| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
4976| [44156] Apache Tomcat RequestDispatcher directory traversal
4977| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
4978| [43885] Oracle WebLogic Server Apache Connector buffer overflow
4979| [42987] Apache HTTP Server mod_proxy module denial of service
4980| [42915] Apache Tomcat JSP files path disclosure
4981| [42914] Apache Tomcat MS-DOS path disclosure
4982| [42892] Apache Tomcat unspecified unauthorized access
4983| [42816] Apache Tomcat Host Manager cross-site scripting
4984| [42303] Apache 403 error cross-site scripting
4985| [41618] Apache-SSL ExpandCert() authentication bypass
4986| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
4987| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
4988| [40614] Apache mod_jk2 HTTP Host header buffer overflow
4989| [40562] Apache Geronimo init information disclosure
4990| [40478] Novell Web Manager webadmin-apache.conf security bypass
4991| [40411] Apache Tomcat exception handling information disclosure
4992| [40409] Apache Tomcat native (APR based) connector weak security
4993| [40403] Apache Tomcat quotes and %5C cookie information disclosure
4994| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
4995| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
4996| [39867] Apache HTTP Server mod_negotiation cross-site scripting
4997| [39804] Apache Tomcat SingleSignOn information disclosure
4998| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
4999| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
5000| [39608] Apache HTTP Server balancer manager cross-site request forgery
5001| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
5002| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
5003| [39472] Apache HTTP Server mod_status cross-site scripting
5004| [39201] Apache Tomcat JULI logging weak security
5005| [39158] Apache HTTP Server Windows SMB shares information disclosure
5006| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
5007| [38951] Apache::AuthCAS Perl module cookie SQL injection
5008| [38800] Apache HTTP Server 413 error page cross-site scripting
5009| [38211] Apache Geronimo SQLLoginModule authentication bypass
5010| [37243] Apache Tomcat WebDAV directory traversal
5011| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
5012| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
5013| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
5014| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
5015| [36782] Apache Geronimo MEJB unauthorized access
5016| [36586] Apache HTTP Server UTF-7 cross-site scripting
5017| [36468] Apache Geronimo LoginModule security bypass
5018| [36467] Apache Tomcat functions.jsp cross-site scripting
5019| [36402] Apache Tomcat calendar cross-site request forgery
5020| [36354] Apache HTTP Server mod_proxy module denial of service
5021| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
5022| [36336] Apache Derby lock table privilege escalation
5023| [36335] Apache Derby schema privilege escalation
5024| [36006] Apache Tomcat "
5025| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
5026| [35999] Apache Tomcat \"
5027| [35795] Apache Tomcat CookieExample cross-site scripting
5028| [35536] Apache Tomcat SendMailServlet example cross-site scripting
5029| [35384] Apache HTTP Server mod_cache module denial of service
5030| [35097] Apache HTTP Server mod_status module cross-site scripting
5031| [35095] Apache HTTP Server Prefork MPM module denial of service
5032| [34984] Apache HTTP Server recall_headers information disclosure
5033| [34966] Apache HTTP Server MPM content spoofing
5034| [34965] Apache HTTP Server MPM information disclosure
5035| [34963] Apache HTTP Server MPM multiple denial of service
5036| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
5037| [34869] Apache Tomcat JSP example Web application cross-site scripting
5038| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
5039| [34496] Apache Tomcat JK Connector security bypass
5040| [34377] Apache Tomcat hello.jsp cross-site scripting
5041| [34212] Apache Tomcat SSL configuration security bypass
5042| [34210] Apache Tomcat Accept-Language cross-site scripting
5043| [34209] Apache Tomcat calendar application cross-site scripting
5044| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
5045| [34167] Apache Axis WSDL file path disclosure
5046| [34068] Apache Tomcat AJP connector information disclosure
5047| [33584] Apache HTTP Server suEXEC privilege escalation
5048| [32988] Apache Tomcat proxy module directory traversal
5049| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
5050| [32708] Debian Apache tty privilege escalation
5051| [32441] ApacheStats extract() PHP call unspecified
5052| [32128] Apache Tomcat default account
5053| [31680] Apache Tomcat RequestParamExample cross-site scripting
5054| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
5055| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
5056| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
5057| [30456] Apache mod_auth_kerb off-by-one buffer overflow
5058| [29550] Apache mod_tcl set_var() format string
5059| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
5060| [28357] Apache HTTP Server mod_alias script source information disclosure
5061| [28063] Apache mod_rewrite off-by-one buffer overflow
5062| [27902] Apache Tomcat URL information disclosure
5063| [26786] Apache James SMTP server denial of service
5064| [25680] libapache2 /tmp/svn file upload
5065| [25614] Apache Struts lookupMap cross-site scripting
5066| [25613] Apache Struts ActionForm denial of service
5067| [25612] Apache Struts isCancelled() security bypass
5068| [24965] Apache mod_python FileSession command execution
5069| [24716] Apache James spooler memory leak denial of service
5070| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
5071| [24158] Apache Geronimo jsp-examples cross-site scripting
5072| [24030] Apache auth_ldap module multiple format strings
5073| [24008] Apache mod_ssl custom error message denial of service
5074| [24003] Apache mod_auth_pgsql module multiple syslog format strings
5075| [23612] Apache mod_imap referer field cross-site scripting
5076| [23173] Apache Struts error message cross-site scripting
5077| [22942] Apache Tomcat directory listing denial of service
5078| [22858] Apache Multi-Processing Module code allows denial of service
5079| [22602] RHSA-2005:582 updates for Apache httpd not installed
5080| [22520] Apache mod-auth-shadow "
5081| [22466] ApacheTop symlink
5082| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
5083| [22006] Apache HTTP Server byte-range filter denial of service
5084| [21567] Apache mod_ssl off-by-one buffer overflow
5085| [21195] Apache HTTP Server header HTTP request smuggling
5086| [20383] Apache HTTP Server htdigest buffer overflow
5087| [19681] Apache Tomcat AJP12 request denial of service
5088| [18993] Apache HTTP server check_forensic symlink attack
5089| [18790] Apache Tomcat Manager cross-site scripting
5090| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
5091| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
5092| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
5093| [17961] Apache Web server ServerTokens has not been set
5094| [17930] Apache HTTP Server HTTP GET request denial of service
5095| [17785] Apache mod_include module buffer overflow
5096| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
5097| [17473] Apache HTTP Server Satisfy directive allows access to resources
5098| [17413] Apache htpasswd buffer overflow
5099| [17384] Apache HTTP Server environment variable configuration file buffer overflow
5100| [17382] Apache HTTP Server IPv6 apr_util denial of service
5101| [17366] Apache HTTP Server mod_dav module LOCK denial of service
5102| [17273] Apache HTTP Server speculative mode denial of service
5103| [17200] Apache HTTP Server mod_ssl denial of service
5104| [16890] Apache HTTP Server server-info request has been detected
5105| [16889] Apache HTTP Server server-status request has been detected
5106| [16705] Apache mod_ssl format string attack
5107| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
5108| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
5109| [16230] Apache HTTP Server PHP denial of service
5110| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
5111| [15958] Apache HTTP Server authentication modules memory corruption
5112| [15547] Apache HTTP Server mod_disk_cache local information disclosure
5113| [15540] Apache HTTP Server socket starvation denial of service
5114| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
5115| [15422] Apache HTTP Server mod_access information disclosure
5116| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
5117| [15293] Apache for Cygwin "
5118| [15065] Apache-SSL has a default password
5119| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
5120| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
5121| [14751] Apache Mod_python output filter information disclosure
5122| [14125] Apache HTTP Server mod_userdir module information disclosure
5123| [14075] Apache HTTP Server mod_php file descriptor leak
5124| [13703] Apache HTTP Server account
5125| [13689] Apache HTTP Server configuration allows symlinks
5126| [13688] Apache HTTP Server configuration allows SSI
5127| [13687] Apache HTTP Server Server: header value
5128| [13685] Apache HTTP Server ServerTokens value
5129| [13684] Apache HTTP Server ServerSignature value
5130| [13672] Apache HTTP Server config allows directory autoindexing
5131| [13671] Apache HTTP Server default content
5132| [13670] Apache HTTP Server config file directive references outside content root
5133| [13668] Apache HTTP Server httpd not running in chroot environment
5134| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
5135| [13664] Apache HTTP Server config file contains ScriptAlias entry
5136| [13663] Apache HTTP Server CGI support modules loaded
5137| [13661] Apache HTTP Server config file contains AddHandler entry
5138| [13660] Apache HTTP Server 500 error page not CGI script
5139| [13659] Apache HTTP Server 413 error page not CGI script
5140| [13658] Apache HTTP Server 403 error page not CGI script
5141| [13657] Apache HTTP Server 401 error page not CGI script
5142| [13552] Apache HTTP Server mod_cgid module information disclosure
5143| [13550] Apache GET request directory traversal
5144| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
5145| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
5146| [13429] Apache Tomcat non-HTTP request denial of service
5147| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
5148| [13295] Apache weak password encryption
5149| [13254] Apache Tomcat .jsp cross-site scripting
5150| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
5151| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
5152| [12681] Apache HTTP Server mod_proxy could allow mail relaying
5153| [12662] Apache HTTP Server rotatelogs denial of service
5154| [12554] Apache Tomcat stores password in plain text
5155| [12553] Apache HTTP Server redirects and subrequests denial of service
5156| [12552] Apache HTTP Server FTP proxy server denial of service
5157| [12551] Apache HTTP Server prefork MPM denial of service
5158| [12550] Apache HTTP Server weaker than expected encryption
5159| [12549] Apache HTTP Server type-map file denial of service
5160| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
5161| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
5162| [12091] Apache HTTP Server apr_password_validate denial of service
5163| [12090] Apache HTTP Server apr_psprintf code execution
5164| [11804] Apache HTTP Server mod_access_referer denial of service
5165| [11750] Apache HTTP Server could leak sensitive file descriptors
5166| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
5167| [11703] Apache long slash path allows directory listing
5168| [11695] Apache HTTP Server LF (Line Feed) denial of service
5169| [11694] Apache HTTP Server filestat.c denial of service
5170| [11438] Apache HTTP Server MIME message boundaries information disclosure
5171| [11412] Apache HTTP Server error log terminal escape sequence injection
5172| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5173| [11195] Apache Tomcat web.xml could be used to read files
5174| [11194] Apache Tomcat URL appended with a null character could list directories
5175| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5176| [11126] Apache HTTP Server illegal character file disclosure
5177| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5178| [11124] Apache HTTP Server DOS device name denial of service
5179| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5180| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5181| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5182| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5183| [10499] Apache HTTP Server WebDAV HTTP POST view source
5184| [10457] Apache HTTP Server mod_ssl "
5185| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5186| [10414] Apache HTTP Server htdigest multiple buffer overflows
5187| [10413] Apache HTTP Server htdigest temporary file race condition
5188| [10412] Apache HTTP Server htpasswd temporary file race condition
5189| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5190| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5191| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5192| [10280] Apache HTTP Server shared memory scorecard overwrite
5193| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5194| [10241] Apache HTTP Server Host: header cross-site scripting
5195| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5196| [10208] Apache HTTP Server mod_dav denial of service
5197| [10206] HP VVOS Apache mod_ssl denial of service
5198| [10200] Apache HTTP Server stderr denial of service
5199| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5200| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5201| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5202| [10098] Slapper worm targets OpenSSL/Apache systems
5203| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5204| [9875] Apache HTTP Server .var file request could disclose installation path
5205| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5206| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5207| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5208| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5209| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5210| [9396] Apache Tomcat null character to threads denial of service
5211| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5212| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5213| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5214| [8932] Apache Tomcat example class information disclosure
5215| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5216| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5217| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5218| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5219| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5220| [8400] Apache HTTP Server mod_frontpage buffer overflows
5221| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5222| [8308] Apache "
5223| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5224| [8119] Apache and PHP OPTIONS request reveals "
5225| [8054] Apache is running on the system
5226| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5227| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5228| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5229| [7836] Apache HTTP Server log directory denial of service
5230| [7815] Apache for Windows "
5231| [7810] Apache HTTP request could result in unexpected behavior
5232| [7599] Apache Tomcat reveals installation path
5233| [7494] Apache "
5234| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5235| [7363] Apache Web Server hidden HTTP requests
5236| [7249] Apache mod_proxy denial of service
5237| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5238| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5239| [7059] Apache "
5240| [7057] Apache "
5241| [7056] Apache "
5242| [7055] Apache "
5243| [7054] Apache "
5244| [6997] Apache Jakarta Tomcat error message may reveal information
5245| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5246| [6970] Apache crafted HTTP request could reveal the internal IP address
5247| [6921] Apache long slash path allows directory listing
5248| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5249| [6527] Apache Web Server for Windows and OS2 denial of service
5250| [6316] Apache Jakarta Tomcat may reveal JSP source code
5251| [6305] Apache Jakarta Tomcat directory traversal
5252| [5926] Linux Apache symbolic link
5253| [5659] Apache Web server discloses files when used with php script
5254| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5255| [5204] Apache WebDAV directory listings
5256| [5197] Apache Web server reveals CGI script source code
5257| [5160] Apache Jakarta Tomcat default installation
5258| [5099] Trustix Secure Linux installs Apache with world writable access
5259| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5260| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5261| [4931] Apache source.asp example file allows users to write to files
5262| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5263| [4205] Apache Jakarta Tomcat delivers file contents
5264| [2084] Apache on Debian by default serves the /usr/doc directory
5265| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5266| [697] Apache HTTP server beck exploit
5267| [331] Apache cookies buffer overflow
5268|
5269| Exploit-DB - https://www.exploit-db.com:
5270| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
5271| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5272| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5273| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
5274| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
5275| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
5276| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
5277| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
5278| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
5279| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5280| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
5281| [29859] Apache Roller OGNL Injection
5282| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
5283| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
5284| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
5285| [29290] Apache / PHP 5.x Remote Code Execution Exploit
5286| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
5287| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
5288| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
5289| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
5290| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
5291| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
5292| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
5293| [27096] Apache Geronimo 1.0 Error Page XSS
5294| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
5295| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
5296| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
5297| [25986] Plesk Apache Zeroday Remote Exploit
5298| [25980] Apache Struts includeParams Remote Code Execution
5299| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
5300| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
5301| [24874] Apache Struts ParametersInterceptor Remote Code Execution
5302| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
5303| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
5304| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
5305| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
5306| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
5307| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
5308| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
5309| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
5310| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
5311| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
5312| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
5313| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
5314| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
5315| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
5316| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
5317| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
5318| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5319| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
5320| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
5321| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5322| [21719] Apache 2.0 Path Disclosure Vulnerability
5323| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5324| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
5325| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
5326| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
5327| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
5328| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
5329| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
5330| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
5331| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
5332| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
5333| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
5334| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
5335| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
5336| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
5337| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
5338| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
5339| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
5340| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
5341| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
5342| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
5343| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
5344| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
5345| [20558] Apache 1.2 Web Server DoS Vulnerability
5346| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
5347| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
5348| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
5349| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
5350| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
5351| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
5352| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
5353| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
5354| [19231] PHP apache_request_headers Function Buffer Overflow
5355| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
5356| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
5357| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
5358| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
5359| [18442] Apache httpOnly Cookie Disclosure
5360| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
5361| [18221] Apache HTTP Server Denial of Service
5362| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
5363| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
5364| [17691] Apache Struts < 2.2.0 - Remote Command Execution
5365| [16798] Apache mod_jk 1.2.20 Buffer Overflow
5366| [16782] Apache Win32 Chunked Encoding
5367| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
5368| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
5369| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
5370| [15319] Apache 2.2 (Windows) Local Denial of Service
5371| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
5372| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5373| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
5374| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
5375| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
5376| [12330] Apache OFBiz - Multiple XSS
5377| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
5378| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
5379| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
5380| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
5381| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
5382| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
5383| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
5384| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5385| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5386| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
5387| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
5388| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
5389| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5390| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
5391| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
5392| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
5393| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
5394| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
5395| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
5396| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
5397| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
5398| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
5399| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
5400| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
5401| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
5402| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
5403| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
5404| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
5405| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
5406| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
5407| [466] htpasswd Apache 1.3.31 - Local Exploit
5408| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
5409| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
5410| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
5411| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
5412| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
5413| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
5414| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
5415| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
5416| [9] Apache HTTP Server 2.x Memory Leak Exploit
5417|
5418| OpenVAS (Nessus) - http://www.openvas.org:
5419| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
5420| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
5421| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5422| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
5423| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
5424| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5425| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5426| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
5427| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
5428| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
5429| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
5430| [900571] Apache APR-Utils Version Detection
5431| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
5432| [900496] Apache Tiles Multiple XSS Vulnerability
5433| [900493] Apache Tiles Version Detection
5434| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
5435| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
5436| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
5437| [870175] RedHat Update for apache RHSA-2008:0004-01
5438| [864591] Fedora Update for apache-poi FEDORA-2012-10835
5439| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
5440| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
5441| [864250] Fedora Update for apache-poi FEDORA-2012-7683
5442| [864249] Fedora Update for apache-poi FEDORA-2012-7686
5443| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
5444| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
5445| [855821] Solaris Update for Apache 1.3 122912-19
5446| [855812] Solaris Update for Apache 1.3 122911-19
5447| [855737] Solaris Update for Apache 1.3 122911-17
5448| [855731] Solaris Update for Apache 1.3 122912-17
5449| [855695] Solaris Update for Apache 1.3 122911-16
5450| [855645] Solaris Update for Apache 1.3 122912-16
5451| [855587] Solaris Update for kernel update and Apache 108529-29
5452| [855566] Solaris Update for Apache 116973-07
5453| [855531] Solaris Update for Apache 116974-07
5454| [855524] Solaris Update for Apache 2 120544-14
5455| [855494] Solaris Update for Apache 1.3 122911-15
5456| [855478] Solaris Update for Apache Security 114145-11
5457| [855472] Solaris Update for Apache Security 113146-12
5458| [855179] Solaris Update for Apache 1.3 122912-15
5459| [855147] Solaris Update for kernel update and Apache 108528-29
5460| [855077] Solaris Update for Apache 2 120543-14
5461| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
5462| [850088] SuSE Update for apache2 SUSE-SA:2007:061
5463| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
5464| [841209] Ubuntu Update for apache2 USN-1627-1
5465| [840900] Ubuntu Update for apache2 USN-1368-1
5466| [840798] Ubuntu Update for apache2 USN-1259-1
5467| [840734] Ubuntu Update for apache2 USN-1199-1
5468| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
5469| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
5470| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
5471| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
5472| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
5473| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
5474| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
5475| [835253] HP-UX Update for Apache Web Server HPSBUX02645
5476| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
5477| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
5478| [835236] HP-UX Update for Apache with PHP HPSBUX02543
5479| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
5480| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
5481| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
5482| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
5483| [835188] HP-UX Update for Apache HPSBUX02308
5484| [835181] HP-UX Update for Apache With PHP HPSBUX02332
5485| [835180] HP-UX Update for Apache with PHP HPSBUX02342
5486| [835172] HP-UX Update for Apache HPSBUX02365
5487| [835168] HP-UX Update for Apache HPSBUX02313
5488| [835148] HP-UX Update for Apache HPSBUX01064
5489| [835139] HP-UX Update for Apache with PHP HPSBUX01090
5490| [835131] HP-UX Update for Apache HPSBUX00256
5491| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
5492| [835104] HP-UX Update for Apache HPSBUX00224
5493| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
5494| [835101] HP-UX Update for Apache HPSBUX01232
5495| [835080] HP-UX Update for Apache HPSBUX02273
5496| [835078] HP-UX Update for ApacheStrong HPSBUX00255
5497| [835044] HP-UX Update for Apache HPSBUX01019
5498| [835040] HP-UX Update for Apache PHP HPSBUX00207
5499| [835025] HP-UX Update for Apache HPSBUX00197
5500| [835023] HP-UX Update for Apache HPSBUX01022
5501| [835022] HP-UX Update for Apache HPSBUX02292
5502| [835005] HP-UX Update for Apache HPSBUX02262
5503| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
5504| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
5505| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
5506| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
5507| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
5508| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
5509| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
5510| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
5511| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
5512| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
5513| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
5514| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
5515| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
5516| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
5517| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
5518| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
5519| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
5520| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
5521| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
5522| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
5523| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
5524| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
5525| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
5526| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
5527| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
5528| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
5529| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
5530| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
5531| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
5532| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
5533| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
5534| [801942] Apache Archiva Multiple Vulnerabilities
5535| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
5536| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
5537| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
5538| [801284] Apache Derby Information Disclosure Vulnerability
5539| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
5540| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
5541| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
5542| [800680] Apache APR Version Detection
5543| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
5544| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
5545| [800677] Apache Roller Version Detection
5546| [800279] Apache mod_jk Module Version Detection
5547| [800278] Apache Struts Cross Site Scripting Vulnerability
5548| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
5549| [800276] Apache Struts Version Detection
5550| [800271] Apache Struts Directory Traversal Vulnerability
5551| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
5552| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5553| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5554| [103122] Apache Web Server ETag Header Information Disclosure Weakness
5555| [103074] Apache Continuum Cross Site Scripting Vulnerability
5556| [103073] Apache Continuum Detection
5557| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5558| [101023] Apache Open For Business Weak Password security check
5559| [101020] Apache Open For Business HTML injection vulnerability
5560| [101019] Apache Open For Business service detection
5561| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
5562| [100923] Apache Archiva Detection
5563| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5564| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5565| [100813] Apache Axis2 Detection
5566| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5567| [100795] Apache Derby Detection
5568| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
5569| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5570| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5571| [100514] Apache Multiple Security Vulnerabilities
5572| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5573| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5574| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5575| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5576| [72626] Debian Security Advisory DSA 2579-1 (apache2)
5577| [72612] FreeBSD Ports: apache22
5578| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
5579| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
5580| [71512] FreeBSD Ports: apache
5581| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
5582| [71256] Debian Security Advisory DSA 2452-1 (apache2)
5583| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
5584| [70737] FreeBSD Ports: apache
5585| [70724] Debian Security Advisory DSA 2405-1 (apache2)
5586| [70600] FreeBSD Ports: apache
5587| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
5588| [70235] Debian Security Advisory DSA 2298-2 (apache2)
5589| [70233] Debian Security Advisory DSA 2298-1 (apache2)
5590| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
5591| [69338] Debian Security Advisory DSA 2202-1 (apache2)
5592| [67868] FreeBSD Ports: apache
5593| [66816] FreeBSD Ports: apache
5594| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
5595| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
5596| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
5597| [66081] SLES11: Security update for Apache 2
5598| [66074] SLES10: Security update for Apache 2
5599| [66070] SLES9: Security update for Apache 2
5600| [65998] SLES10: Security update for apache2-mod_python
5601| [65893] SLES10: Security update for Apache 2
5602| [65888] SLES10: Security update for Apache 2
5603| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
5604| [65510] SLES9: Security update for Apache 2
5605| [65472] SLES9: Security update for Apache
5606| [65467] SLES9: Security update for Apache
5607| [65450] SLES9: Security update for apache2
5608| [65390] SLES9: Security update for Apache2
5609| [65363] SLES9: Security update for Apache2
5610| [65309] SLES9: Security update for Apache and mod_ssl
5611| [65296] SLES9: Security update for webdav apache module
5612| [65283] SLES9: Security update for Apache2
5613| [65249] SLES9: Security update for Apache 2
5614| [65230] SLES9: Security update for Apache 2
5615| [65228] SLES9: Security update for Apache 2
5616| [65212] SLES9: Security update for apache2-mod_python
5617| [65209] SLES9: Security update for apache2-worker
5618| [65207] SLES9: Security update for Apache 2
5619| [65168] SLES9: Security update for apache2-mod_python
5620| [65142] SLES9: Security update for Apache2
5621| [65136] SLES9: Security update for Apache 2
5622| [65132] SLES9: Security update for apache
5623| [65131] SLES9: Security update for Apache 2 oes/CORE
5624| [65113] SLES9: Security update for apache2
5625| [65072] SLES9: Security update for apache and mod_ssl
5626| [65017] SLES9: Security update for Apache 2
5627| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
5628| [64783] FreeBSD Ports: apache
5629| [64774] Ubuntu USN-802-2 (apache2)
5630| [64653] Ubuntu USN-813-2 (apache2)
5631| [64559] Debian Security Advisory DSA 1834-2 (apache2)
5632| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
5633| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
5634| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
5635| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
5636| [64443] Ubuntu USN-802-1 (apache2)
5637| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
5638| [64423] Debian Security Advisory DSA 1834-1 (apache2)
5639| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
5640| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
5641| [64251] Debian Security Advisory DSA 1816-1 (apache2)
5642| [64201] Ubuntu USN-787-1 (apache2)
5643| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
5644| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
5645| [63565] FreeBSD Ports: apache
5646| [63562] Ubuntu USN-731-1 (apache2)
5647| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
5648| [61185] FreeBSD Ports: apache
5649| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
5650| [60387] Slackware Advisory SSA:2008-045-02 apache
5651| [58826] FreeBSD Ports: apache-tomcat
5652| [58825] FreeBSD Ports: apache-tomcat
5653| [58804] FreeBSD Ports: apache
5654| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
5655| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
5656| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
5657| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
5658| [57335] Debian Security Advisory DSA 1167-1 (apache)
5659| [57201] Debian Security Advisory DSA 1131-1 (apache)
5660| [57200] Debian Security Advisory DSA 1132-1 (apache2)
5661| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
5662| [57145] FreeBSD Ports: apache
5663| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
5664| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
5665| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
5666| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
5667| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
5668| [56067] FreeBSD Ports: apache
5669| [55803] Slackware Advisory SSA:2005-310-04 apache
5670| [55519] Debian Security Advisory DSA 839-1 (apachetop)
5671| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
5672| [55355] FreeBSD Ports: apache
5673| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
5674| [55261] Debian Security Advisory DSA 805-1 (apache2)
5675| [55259] Debian Security Advisory DSA 803-1 (apache)
5676| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
5677| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
5678| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
5679| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
5680| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
5681| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
5682| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
5683| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
5684| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
5685| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
5686| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
5687| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
5688| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
5689| [54439] FreeBSD Ports: apache
5690| [53931] Slackware Advisory SSA:2004-133-01 apache
5691| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
5692| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
5693| [53878] Slackware Advisory SSA:2003-308-01 apache security update
5694| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
5695| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
5696| [53848] Debian Security Advisory DSA 131-1 (apache)
5697| [53784] Debian Security Advisory DSA 021-1 (apache)
5698| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
5699| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
5700| [53735] Debian Security Advisory DSA 187-1 (apache)
5701| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
5702| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
5703| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
5704| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
5705| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
5706| [53282] Debian Security Advisory DSA 594-1 (apache)
5707| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
5708| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
5709| [53215] Debian Security Advisory DSA 525-1 (apache)
5710| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
5711| [52529] FreeBSD Ports: apache+ssl
5712| [52501] FreeBSD Ports: apache
5713| [52461] FreeBSD Ports: apache
5714| [52390] FreeBSD Ports: apache
5715| [52389] FreeBSD Ports: apache
5716| [52388] FreeBSD Ports: apache
5717| [52383] FreeBSD Ports: apache
5718| [52339] FreeBSD Ports: apache+mod_ssl
5719| [52331] FreeBSD Ports: apache
5720| [52329] FreeBSD Ports: ru-apache+mod_ssl
5721| [52314] FreeBSD Ports: apache
5722| [52310] FreeBSD Ports: apache
5723| [15588] Detect Apache HTTPS
5724| [15555] Apache mod_proxy content-length buffer overflow
5725| [15554] Apache mod_include priviledge escalation
5726| [14771] Apache <= 1.3.33 htpasswd local overflow
5727| [14177] Apache mod_access rule bypass
5728| [13644] Apache mod_rootme Backdoor
5729| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
5730| [12280] Apache Connection Blocking Denial of Service
5731| [12239] Apache Error Log Escape Sequence Injection
5732| [12123] Apache Tomcat source.jsp malformed request information disclosure
5733| [12085] Apache Tomcat servlet/JSP container default files
5734| [11438] Apache Tomcat Directory Listing and File disclosure
5735| [11204] Apache Tomcat Default Accounts
5736| [11092] Apache 2.0.39 Win32 directory traversal
5737| [11046] Apache Tomcat TroubleShooter Servlet Installed
5738| [11042] Apache Tomcat DOS Device Name XSS
5739| [11041] Apache Tomcat /servlet Cross Site Scripting
5740| [10938] Apache Remote Command Execution via .bat files
5741| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
5742| [10773] MacOS X Finder reveals contents of Apache Web files
5743| [10766] Apache UserDir Sensitive Information Disclosure
5744| [10756] MacOS X Finder reveals contents of Apache Web directories
5745| [10752] Apache Auth Module SQL Insertion Attack
5746| [10704] Apache Directory Listing
5747| [10678] Apache /server-info accessible
5748| [10677] Apache /server-status accessible
5749| [10440] Check for Apache Multiple / vulnerability
5750|
5751| SecurityTracker - https://www.securitytracker.com:
5752| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
5753| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
5754| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
5755| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
5756| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
5757| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
5758| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
5759| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
5760| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
5761| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
5762| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
5763| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
5764| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
5765| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
5766| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
5767| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
5768| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
5769| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
5770| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
5771| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
5772| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
5773| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
5774| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
5775| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
5776| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
5777| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
5778| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
5779| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
5780| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
5781| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
5782| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
5783| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
5784| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
5785| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
5786| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
5787| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
5788| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
5789| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
5790| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
5791| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
5792| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
5793| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
5794| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
5795| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
5796| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
5797| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
5798| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
5799| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
5800| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
5801| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
5802| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
5803| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
5804| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
5805| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
5806| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
5807| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
5808| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
5809| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
5810| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
5811| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
5812| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
5813| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
5814| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
5815| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
5816| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
5817| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
5818| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
5819| [1024096] Apache mod_proxy_http May Return Results for a Different Request
5820| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
5821| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
5822| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
5823| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
5824| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
5825| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
5826| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
5827| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
5828| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
5829| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
5830| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
5831| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
5832| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
5833| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
5834| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
5835| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
5836| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
5837| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
5838| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
5839| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
5840| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
5841| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
5842| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
5843| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
5844| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
5845| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
5846| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
5847| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
5848| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
5849| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
5850| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
5851| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
5852| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
5853| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
5854| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
5855| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
5856| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
5857| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
5858| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
5859| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
5860| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
5861| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
5862| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
5863| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
5864| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
5865| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
5866| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
5867| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
5868| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
5869| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
5870| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
5871| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
5872| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
5873| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
5874| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
5875| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
5876| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
5877| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
5878| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
5879| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
5880| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
5881| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
5882| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
5883| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
5884| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
5885| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
5886| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
5887| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
5888| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
5889| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
5890| [1008920] Apache mod_digest May Validate Replayed Client Responses
5891| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
5892| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
5893| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
5894| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
5895| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
5896| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
5897| [1008030] Apache mod_rewrite Contains a Buffer Overflow
5898| [1008029] Apache mod_alias Contains a Buffer Overflow
5899| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
5900| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
5901| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
5902| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
5903| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
5904| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
5905| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
5906| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
5907| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
5908| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
5909| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
5910| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
5911| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
5912| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
5913| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
5914| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
5915| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
5916| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
5917| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
5918| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
5919| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
5920| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
5921| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
5922| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
5923| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
5924| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
5925| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
5926| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
5927| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
5928| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
5929| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
5930| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
5931| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
5932| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
5933| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
5934| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
5935| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
5936| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
5937| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
5938| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
5939| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
5940| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
5941| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
5942| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
5943| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
5944| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
5945| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
5946| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
5947| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
5948| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
5949| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
5950| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
5951| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
5952| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
5953| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
5954| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
5955|
5956| OSVDB - http://www.osvdb.org:
5957| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
5958| [96077] Apache CloudStack Global Settings Multiple Field XSS
5959| [96076] Apache CloudStack Instances Menu Display Name Field XSS
5960| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
5961| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
5962| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
5963| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
5964| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
5965| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
5966| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
5967| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
5968| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
5969| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
5970| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
5971| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
5972| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
5973| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
5974| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
5975| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
5976| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
5977| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
5978| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
5979| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
5980| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
5981| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
5982| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
5983| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
5984| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
5985| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
5986| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
5987| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
5988| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
5989| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
5990| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
5991| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
5992| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
5993| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
5994| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
5995| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
5996| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
5997| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
5998| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
5999| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
6000| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
6001| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
6002| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
6003| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
6004| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
6005| [94279] Apache Qpid CA Certificate Validation Bypass
6006| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
6007| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
6008| [94042] Apache Axis JAX-WS Java Unspecified Exposure
6009| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
6010| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
6011| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
6012| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
6013| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
6014| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
6015| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
6016| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
6017| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
6018| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
6019| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
6020| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
6021| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
6022| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
6023| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
6024| [93541] Apache Solr json.wrf Callback XSS
6025| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
6026| [93521] Apache jUDDI Security API Token Session Persistence Weakness
6027| [93520] Apache CloudStack Default SSL Key Weakness
6028| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
6029| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
6030| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
6031| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
6032| [93515] Apache HBase table.jsp name Parameter XSS
6033| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
6034| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
6035| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
6036| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
6037| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
6038| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
6039| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
6040| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
6041| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
6042| [93252] Apache Tomcat FORM Authenticator Session Fixation
6043| [93172] Apache Camel camel/endpoints/ Endpoint XSS
6044| [93171] Apache Sling HtmlResponse Error Message XSS
6045| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
6046| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
6047| [93168] Apache Click ErrorReport.java id Parameter XSS
6048| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
6049| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
6050| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
6051| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
6052| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
6053| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
6054| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
6055| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
6056| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
6057| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
6058| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
6059| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
6060| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
6061| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
6062| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
6063| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
6064| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
6065| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
6066| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
6067| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
6068| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
6069| [93144] Apache Solr Admin Command Execution CSRF
6070| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
6071| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
6072| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
6073| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
6074| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
6075| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
6076| [92748] Apache CloudStack VM Console Access Restriction Bypass
6077| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
6078| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
6079| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
6080| [92706] Apache ActiveMQ Debug Log Rendering XSS
6081| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
6082| [92270] Apache Tomcat Unspecified CSRF
6083| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
6084| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
6085| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
6086| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
6087| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
6088| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
6089| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
6090| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
6091| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
6092| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
6093| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
6094| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
6095| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
6096| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
6097| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
6098| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
6099| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
6100| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
6101| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
6102| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
6103| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
6104| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
6105| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
6106| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
6107| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
6108| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
6109| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
6110| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
6111| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
6112| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
6113| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
6114| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
6115| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
6116| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
6117| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
6118| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
6119| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
6120| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
6121| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
6122| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
6123| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
6124| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
6125| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
6126| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
6127| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
6128| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
6129| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
6130| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
6131| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
6132| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
6133| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
6134| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
6135| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
6136| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
6137| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
6552| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
6553| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
6554| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
6555| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6556| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
6557| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
6558| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
6559| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
6560| [51151] Apache Roller Search Function q Parameter XSS
6561| [50482] PHP with Apache php_value Order Unspecified Issue
6562| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
6563| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
6564| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
6565| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Uptime guess: 0.006 days (since Sun Jan 19 14:06:53 2020)
Network Distance: 21 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 129.62 ms 10.251.204.1
2 129.66 ms 104.245.145.177
3 129.72 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 129.69 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 129.72 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 129.78 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
7 129.76 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
8 129.82 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
9 129.85 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
10 55.97 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
11 144.89 ms ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42)
12 103.73 ms ae-0.r22.sttlwa01.us.bb.gin.ntt.net (129.250.6.29)
13 229.75 ms ae-13.r30.tokyjp05.jp.bb.gin.ntt.net (129.250.4.143)
14 229.73 ms ae-2.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.6.127)
15 199.02 ms 61.120.144.210
16 229.67 ms 210.155.131.79
17 229.68 ms 210.155.132.27
18 229.69 ms IKB-CSTM-JEX15-XE-0-0-0.mex.ad.jp (210.155.137.179)
19 229.66 ms 210.155.133.232
20 ...
21 220.46 ms sv3.isle.ne.jp (211.13.196.135)

NSE: Script Post-scanning.
Initiating NSE at 14:15
Completed NSE at 14:15, 0.00s elapsed
Initiating NSE at 14:15
Completed NSE at 14:15, 0.00s elapsed
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 14:16 EST
NSE: Loaded 162 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 14:16
Completed Parallel DNS resolution of 1 host. at 14:16, 0.02s elapsed
Initiating SYN Stealth Scan at 14:16
Scanning sv3.isle.ne.jp (211.13.196.135) [1 port]
Completed SYN Stealth Scan at 14:16, 2.06s elapsed (1 total ports)
Initiating Service scan at 14:16
Initiating OS detection (try #1) against sv3.isle.ne.jp (211.13.196.135)
Retrying OS detection (try #2) against sv3.isle.ne.jp (211.13.196.135)
Initiating Traceroute at 14:16
Completed Traceroute at 14:16, 6.09s elapsed
Initiating Parallel DNS resolution of 19 hosts. at 14:16
Completed Parallel DNS resolution of 19 hosts. at 14:16, 5.66s elapsed
NSE: Script scanning 211.13.196.135.
Initiating NSE at 14:16
Completed NSE at 14:16, 0.01s elapsed
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up.

PORT STATE SERVICE VERSION
443/tcp filtered https
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 36.93 ms 10.251.204.1
2 66.36 ms 104.245.145.177
3 66.44 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 66.43 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5 66.43 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
6 66.49 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
7 66.53 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
8 66.56 ms be2766.ccr41.ord03.atlas.cogentco.com (154.54.46.178)
9 66.61 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
10 66.66 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
11 92.68 ms ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42)
12 135.29 ms ae-0.r22.sttlwa01.us.bb.gin.ntt.net (129.250.6.29)
13 232.21 ms ae-13.r30.tokyjp05.jp.bb.gin.ntt.net (129.250.4.143)
14 263.07 ms ae-2.r00.tokyjp08.jp.bb.gin.ntt.net (129.250.6.127)
15 229.82 ms 61.120.144.210
16 263.07 ms IKB-CORE-GR62-TG11.mex.ad.jp (210.155.131.107)
17 262.90 ms 210.155.132.27
18 263.06 ms IKB-CSTM-JEX15-XE-0-0-0.mex.ad.jp (210.155.137.179)
19 262.93 ms 210.155.133.232
20 ... 30

NSE: Script Post-scanning.
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
#####################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 211.13.196.135

Testing SSL server 211.13.196.135 on port 443 using SNI name 211.13.196.135

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: sni.red.shared-server.net
Issuer: sni.red.shared-server.net

Not valid before: Apr 10 02:09:25 2017 GMT
Not valid after: Apr 8 02:09:25 2027 GMT
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 14:21 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:21
Completed NSE at 14:21, 0.00s elapsed
Initiating NSE at 14:21
Completed NSE at 14:21, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 14:21
Completed Parallel DNS resolution of 1 host. at 14:21, 0.02s elapsed
Initiating SYN Stealth Scan at 14:21
Scanning sv3.isle.ne.jp (211.13.196.135) [65535 ports]
Discovered open port 80/tcp on 211.13.196.135
Discovered open port 443/tcp on 211.13.196.135
SYN Stealth Scan Timing: About 9.56% done; ETC: 14:26 (0:04:53 remaining)
SYN Stealth Scan Timing: About 28.94% done; ETC: 14:24 (0:02:30 remaining)
SYN Stealth Scan Timing: About 51.74% done; ETC: 14:24 (0:01:25 remaining)
SYN Stealth Scan Timing: About 72.65% done; ETC: 14:23 (0:00:46 remaining)
Completed SYN Stealth Scan at 14:23, 147.63s elapsed (65535 total ports)
Initiating Service scan at 14:23
Scanning 2 services on sv3.isle.ne.jp (211.13.196.135)
Completed Service scan at 14:23, 13.49s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against sv3.isle.ne.jp (211.13.196.135)
Retrying OS detection (try #2) against sv3.isle.ne.jp (211.13.196.135)
Initiating Traceroute at 14:23
Completed Traceroute at 14:23, 0.17s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 14:23
Completed Parallel DNS resolution of 2 hosts. at 14:23, 0.00s elapsed
NSE: Script scanning 211.13.196.135.
Initiating NSE at 14:23
Completed NSE at 14:24, 20.91s elapsed
Initiating NSE at 14:24
Completed NSE at 14:24, 1.99s elapsed
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up (0.13s latency).
Not shown: 65529 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
7408| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
7409| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
7410| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
7411| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
7412| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
7413| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
7414| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
7415| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
7416| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
7417| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
7418| [117115] Apache Tika up to 1.17 tika-server command injection
7419| [116929] Apache Fineract getReportType Parameter privilege escalation
7420| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
7421| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
7422| [116926] Apache Fineract REST Parameter privilege escalation
7423| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
7424| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
7425| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
7426| [115883] Apache Hive up to 2.3.2 privilege escalation
7427| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
7428| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
7429| [115518] Apache Ignite 2.3 Deserialization privilege escalation
7430| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
7431| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
7432| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
7433| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
7434| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
7435| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
7436| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
7437| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
7438| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
7439| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
7440| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
7441| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
7442| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
7443| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
7444| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
7445| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
7446| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
7447| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
7448| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
7449| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
7450| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
7451| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
7452| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
7453| [113895] Apache Geode up to 1.3.x Code Execution
7454| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
7455| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
7456| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
7457| [113747] Apache Tomcat Servlets privilege escalation
7458| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
7459| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
7460| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
7461| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
7462| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
7463| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7464| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
7465| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7466| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
7467| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
7468| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
7469| [112885] Apache Allura up to 1.8.0 File information disclosure
7470| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
7471| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
7472| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
7473| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
7474| [112625] Apache POI up to 3.16 Loop denial of service
7475| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
7476| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
7477| [112339] Apache NiFi 1.5.0 Header privilege escalation
7478| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
7479| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
7480| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
7481| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
7482| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
7483| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
7484| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
7485| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
7486| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
7487| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
7488| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
7489| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
7490| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
7491| [112114] Oracle 9.1 Apache Log4j privilege escalation
7492| [112113] Oracle 9.1 Apache Log4j privilege escalation
7493| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
7494| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
7495| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
7496| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
7497| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
7498| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
7499| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
7500| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
7501| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
7502| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
7503| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
7504| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
7505| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
7506| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
7507| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
7508| [110701] Apache Fineract Query Parameter sql injection
7509| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
7510| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
7511| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
7512| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
7513| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
7514| [110106] Apache CXF Fediz Spring cross site request forgery
7515| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
7516| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
7517| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
7518| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
7519| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
7520| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
7521| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
7522| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
7523| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
7524| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
7525| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
7526| [108938] Apple macOS up to 10.13.1 apache denial of service
7527| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
7528| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
7529| [108935] Apple macOS up to 10.13.1 apache denial of service
7530| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
7531| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
7532| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
7533| [108931] Apple macOS up to 10.13.1 apache denial of service
7534| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
7535| [108929] Apple macOS up to 10.13.1 apache denial of service
7536| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
7537| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
7538| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
7539| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
7540| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
7541| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
7542| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
7543| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
7544| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
7545| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
7546| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
7547| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
7548| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
7549| [108782] Apache Xerces2 XML Service denial of service
7550| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
7551| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
7552| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
7553| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
7554| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
7555| [108629] Apache OFBiz up to 10.04.01 privilege escalation
7556| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
7557| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
7558| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
7559| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
7560| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
7561| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
7562| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
7563| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
7564| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
7565| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
7566| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
7567| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
7568| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
7569| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
7570| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
7571| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
7572| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
7573| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7574| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
7575| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
7576| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
7577| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
7578| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
7579| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
7580| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
7581| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
7582| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
7583| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
7584| [107639] Apache NiFi 1.4.0 XML External Entity
7585| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
7586| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
7587| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
7588| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
7589| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
7590| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
7591| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
7592| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
7593| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
7594| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
7595| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
7596| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7597| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7598| [107197] Apache Xerces Jelly Parser XML File XML External Entity
7599| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
7600| [107084] Apache Struts up to 2.3.19 cross site scripting
7601| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
7602| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
7603| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
7604| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
7605| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
7606| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
7607| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
7608| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
7609| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
7610| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
7611| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
7612| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
7613| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7614| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7615| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
7616| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
7617| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
7618| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
7619| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
7620| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
7621| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
7622| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
7623| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
7624| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
7625| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
7626| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
7627| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
7628| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
7629| [105878] Apache Struts up to 2.3.24.0 privilege escalation
7630| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
7631| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
7632| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
7633| [105643] Apache Pony Mail up to 0.8b weak authentication
7634| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
7635| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
7636| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
7637| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
7638| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
7639| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
7640| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
7641| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
7642| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
7643| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
7644| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
7645| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
7646| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
7647| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
7648| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
7649| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
7650| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
7651| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
7652| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
7653| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
7654| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
7655| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
7656| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
7657| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
7658| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
7659| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
7660| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
7661| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
7662| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
7663| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
7664| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
7665| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
7666| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
7667| [103690] Apache OpenMeetings 1.0.0 sql injection
7668| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
7669| [103688] Apache OpenMeetings 1.0.0 weak encryption
7670| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
7671| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
7672| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
7673| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
7674| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
7675| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
7676| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
7677| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
7678| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
7679| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
7680| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
7681| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
7682| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
7683| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
7684| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
7685| [103352] Apache Solr Node weak authentication
7686| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
7687| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
7688| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
7689| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
7690| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
7691| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
7692| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
7693| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
7694| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
7695| [102536] Apache Ranger up to 0.6 Stored cross site scripting
7696| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
7697| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
7698| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
7699| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
7700| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
7701| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
7702| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
7703| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
7704| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
7705| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
7706| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
7707| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
7708| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
7709| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
7710| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
7711| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
7712| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
7713| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
7714| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
7715| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
7716| [99937] Apache Batik up to 1.8 privilege escalation
7717| [99936] Apache FOP up to 2.1 privilege escalation
7718| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
7719| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
7720| [99930] Apache Traffic Server up to 6.2.0 denial of service
7721| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
7722| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
7723| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
7724| [117569] Apache Hadoop up to 2.7.3 privilege escalation
7725| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
7726| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
7727| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
7728| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
8160| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
8161| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
8162| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
8163| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
8164| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
8165| [64485] Apache Struts up to 2.2.3.0 privilege escalation
8166| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
8167| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
8168| [64467] Apache Geronimo 3.0 memory corruption
8169| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
8170| [64457] Apache Struts up to 2.2.3.0 cross site scripting
8171| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
8172| [9184] Apache Qpid up to 0.20 SSL misconfiguration
8173| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
8174| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
8175| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
8176| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
8177| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
8178| [8873] Apache Struts 2.3.14 privilege escalation
8179| [8872] Apache Struts 2.3.14 privilege escalation
8180| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
8181| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
8182| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
8183| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
8184| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
8185| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
8186| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
8187| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
8188| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
8189| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
8190| [64006] Apache ActiveMQ up to 5.7.0 denial of service
8191| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
8192| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
8193| [8427] Apache Tomcat Session Transaction weak authentication
8194| [63960] Apache Maven 3.0.4 Default Configuration spoofing
8195| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
8196| [63750] Apache qpid up to 0.20 checkAvailable denial of service
8197| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
8198| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
8199| [63747] Apache Rave up to 0.20 User Account information disclosure
8200| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
8201| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
8202| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
8203| [7687] Apache CXF up to 2.7.2 Token weak authentication
8204| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
8205| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
8206| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
8207| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
8208| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
8209| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
8210| [63090] Apache Tomcat up to 4.1.24 denial of service
8211| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
8212| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
8213| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
8214| [62833] Apache CXF -/2.6.0 spoofing
8215| [62832] Apache Axis2 up to 1.6.2 spoofing
8216| [62831] Apache Axis up to 1.4 Java Message Service spoofing
8217| [62830] Apache Commons-httpclient 3.0 Payments spoofing
8218| [62826] Apache Libcloud up to 0.11.0 spoofing
8219| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
8220| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
8221| [62661] Apache Axis2 unknown vulnerability
8222| [62658] Apache Axis2 unknown vulnerability
8223| [62467] Apache Qpid up to 0.17 denial of service
8224| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
8225| [6301] Apache HTTP Server mod_pagespeed cross site scripting
8226| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
8227| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
8228| [62035] Apache Struts up to 2.3.4 denial of service
8229| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
8230| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
8231| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
8232| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
8233| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
8234| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
8235| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
8236| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
8237| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
8238| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
8239| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
8240| [61229] Apache Sling up to 2.1.1 denial of service
8241| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
8242| [61094] Apache Roller up to 5.0 cross site scripting
8243| [61093] Apache Roller up to 5.0 cross site request forgery
8244| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
8245| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
8246| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
8247| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
8248| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
8249| [60708] Apache Qpid 0.12 unknown vulnerability
8250| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
8251| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
8252| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
8253| [4882] Apache Wicket up to 1.5.4 directory traversal
8254| [4881] Apache Wicket up to 1.4.19 cross site scripting
8255| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
8256| [60352] Apache Struts up to 2.2.3 memory corruption
8257| [60153] Apache Portable Runtime up to 1.4.3 denial of service
8258| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
8259| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
8260| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
8261| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
8262| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
8263| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
8264| [4571] Apache Struts up to 2.3.1.2 privilege escalation
8265| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
8266| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
8267| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
8268| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
8269| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
8270| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
8271| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
8272| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
8273| [59888] Apache Tomcat up to 6.0.6 denial of service
8274| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
8275| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
8276| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
8277| [59850] Apache Geronimo up to 2.2.1 denial of service
8278| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
8279| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
8280| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
8281| [58413] Apache Tomcat up to 6.0.10 spoofing
8282| [58381] Apache Wicket up to 1.4.17 cross site scripting
8283| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
8284| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
8285| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
8286| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
8287| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8288| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
8289| [57568] Apache Archiva up to 1.3.4 cross site scripting
8290| [57567] Apache Archiva up to 1.3.4 cross site request forgery
8291| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
8292| [4355] Apache HTTP Server APR apr_fnmatch denial of service
8293| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
8294| [57425] Apache Struts up to 2.2.1.1 cross site scripting
8295| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
8296| [57025] Apache Tomcat up to 7.0.11 information disclosure
8297| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
8298| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
8299| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8300| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
8301| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
8302| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
8303| [56512] Apache Continuum up to 1.4.0 cross site scripting
8304| [4285] Apache Tomcat 5.x JVM getLocale denial of service
8305| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
8306| [4283] Apache Tomcat 5.x ServletContect privilege escalation
8307| [56441] Apache Tomcat up to 7.0.6 denial of service
8308| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
8309| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
8310| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
8311| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
8312| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
8313| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
8314| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
8315| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
8316| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
8317| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
8318| [54693] Apache Traffic Server DNS Cache unknown vulnerability
8319| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
8320| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
8321| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
8322| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
8323| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
8324| [54012] Apache Tomcat up to 6.0.10 denial of service
8325| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
8326| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
8327| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
8328| [52894] Apache Tomcat up to 6.0.7 information disclosure
8329| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
8330| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
8331| [52786] Apache Open For Business Project up to 09.04 cross site scripting
8332| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
8333| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
8334| [52584] Apache CouchDB up to 0.10.1 information disclosure
8335| [51757] Apache HTTP Server 2.0.44 cross site scripting
8336| [51756] Apache HTTP Server 2.0.44 spoofing
8337| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
8338| [51690] Apache Tomcat up to 6.0 directory traversal
8339| [51689] Apache Tomcat up to 6.0 information disclosure
8340| [51688] Apache Tomcat up to 6.0 directory traversal
8341| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
8342| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
8343| [50626] Apache Solr 1.0.0 cross site scripting
8344| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
8345| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
8346| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
8347| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
8348| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
8349| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
8350| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
8351| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
8352| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
8353| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
8354| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
8355| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
8356| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
8357| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
8358| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
8359| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
8360| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
8361| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
8362| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
8363| [47214] Apachefriends xampp 1.6.8 spoofing
8364| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
8365| [47162] Apachefriends XAMPP 1.4.4 weak authentication
8366| [47065] Apache Tomcat 4.1.23 cross site scripting
8367| [46834] Apache Tomcat up to 5.5.20 cross site scripting
8368| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
8369| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
8370| [86625] Apache Struts directory traversal
8371| [44461] Apache Tomcat up to 5.5.0 information disclosure
8372| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
8373| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
8374| [43663] Apache Tomcat up to 6.0.16 directory traversal
8375| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
8376| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
8377| [43516] Apache Tomcat up to 4.1.20 directory traversal
8378| [43509] Apache Tomcat up to 6.0.13 cross site scripting
8379| [42637] Apache Tomcat up to 6.0.16 cross site scripting
8380| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
8381| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
8382| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
8383| [40924] Apache Tomcat up to 6.0.15 information disclosure
8384| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
8385| [40922] Apache Tomcat up to 6.0 information disclosure
8386| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
8387| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
8388| [40656] Apache Tomcat 5.5.20 information disclosure
8389| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
8390| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
8391| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
8392| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
8393| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
8394| [40234] Apache Tomcat up to 6.0.15 directory traversal
8395| [40221] Apache HTTP Server 2.2.6 information disclosure
8396| [40027] David Castro Apache Authcas 0.4 sql injection
8397| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
8398| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
8399| [3414] Apache Tomcat WebDAV Stored privilege escalation
8400| [39489] Apache Jakarta Slide up to 2.1 directory traversal
8401| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
8402| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
8403| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
8404| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
8405| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
8406| [38524] Apache Geronimo 2.0 unknown vulnerability
8407| [3256] Apache Tomcat up to 6.0.13 cross site scripting
8408| [38331] Apache Tomcat 4.1.24 information disclosure
8409| [38330] Apache Tomcat 4.1.24 information disclosure
8410| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
8411| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
8412| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
8413| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
8414| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
8415| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
8416| [37292] Apache Tomcat up to 5.5.1 cross site scripting
8417| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
8418| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
8419| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
8420| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
8421| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
8422| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
8423| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
8424| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
8425| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
8426| [36225] XAMPP Apache Distribution 1.6.0a sql injection
8427| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
8428| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
8429| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
8430| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
8431| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
8432| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
8433| [34252] Apache HTTP Server denial of service
8434| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
8435| [33877] Apache Opentaps 0.9.3 cross site scripting
8436| [33876] Apache Open For Business Project unknown vulnerability
8437| [33875] Apache Open For Business Project cross site scripting
8438| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
8439| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
8440|
8441| MITRE CVE - https://cve.mitre.org:
8442| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
8443| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
8444| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
8445| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
8446| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
8447| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
8448| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
8449| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
8450| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
8451| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
8452| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
8453| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
8454| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
8455| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
8456| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
8457| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
8458| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
8459| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
8460| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
8461| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
8462| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
8463| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
8464| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
8465| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
8466| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
8467| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
8468| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
8469| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
8470| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
8471| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
8472| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8473| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
8474| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
8475| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
8476| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
8477| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
8478| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
8479| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
8480| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
8481| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
8482| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
8483| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8484| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8485| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8486| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8487| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
8488| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
8489| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
8490| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
8491| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
8492| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
8493| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
8494| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
8495| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
8496| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
8497| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
8498| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
8499| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
8500| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
8501| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
8502| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
8503| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
8504| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
8505| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
8506| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8507| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
8508| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
8509| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
8510| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
8511| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
8512| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
8513| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
8514| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
8515| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
8516| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
8517| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
8518| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
8519| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
8520| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
8521| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
8522| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
8523| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
8524| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
8525| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
8526| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
8527| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
8528| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
8529| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
8530| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
8531| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
8532| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
8533| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
8534| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
8535| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
8536| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
8537| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
8538| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
8539| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
8540| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
8541| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
8542| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
8543| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
8544| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
8545| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
8546| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
8547| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
8548| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
8549| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
8550| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
8551| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
8552| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
8553| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
8554| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
8555| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
8556| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
8557| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
8558| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
8559| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
8560| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
8561| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
8562| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
8563| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
8564| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
8565| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
8566| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8672| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8673| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
8674| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
8675| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
8676| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
8677| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
8678| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
8679| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
8680| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
8681| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
8682| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
8683| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
8684| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
8685| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
8686| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
8687| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
8688| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
8689| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
8690| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
8691| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
8692| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
8693| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
8694| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
8695| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
8696| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
8697| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
8698| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
8699| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
8700| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
8701| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
8702| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
8703| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
8704| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
8705| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
8706| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
8707| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
8708| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
8709| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
8710| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
8711| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8712| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
8713| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
8714| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
8715| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
8716| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
8717| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
8718| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
8719| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
8720| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
8721| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
8722| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
8723| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
8724| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
8725| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
8726| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
8727| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
8728| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
8729| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
8730| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
8731| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
8732| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
8733| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
8734| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
8735| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8736| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8737| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
8738| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
8739| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
8740| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
8741| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
8742| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
8743| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
8744| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
8745| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
8746| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
8747| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8748| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8749| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
8750| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
8751| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
8752| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8753| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
8754| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
8755| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
8756| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
8757| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
8758| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
8759| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
8760| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
8761| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8762| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
8763| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
8764| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
8765| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
8766| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
8767| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
8768| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
8769| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
8770| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
8771| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
8772| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
8773| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
8774| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
8775| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
8776| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
8777| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
8778| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
8779| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
8780| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
8781| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
8782| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
8783| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
8784| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
8785| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
8786| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
8787| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
8788| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
8789| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8790| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8791| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
8792| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
8793| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
8794| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8795| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
8796| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
8797| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
8798| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
8799| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
8800| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
8801| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
8802| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
8803| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
8804| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
8805| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
8806| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
8807| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
8808| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8809| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8810| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
8811| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
8812| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
8813| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
8814| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
8815| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
8816| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
8817| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8818| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
8819| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8820| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
8821| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
8822| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
8823| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8824| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
8825| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8826| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
8827| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
8828| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8829| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
8830| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
8831| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
8832| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
8833| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
8834| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
8835| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
8836| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
8837| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8838| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
8839| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
8840| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
8841| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
8842| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
8843| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
8844| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
8845| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
8846| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
8847| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
8848| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
8974| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
8975| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
8976| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8977| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
8978| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
8979| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
8980| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
8981| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
8982| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
8983| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
8984| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
8985| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
8986| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
8987| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
8988| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
8989| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
8990| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
8991| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
8992| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
8993| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
8994| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
8995| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
8996| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
8997| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
8998| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
8999| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
9000| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
9001| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
9002| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
9003| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
9004| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
9005| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
9006| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
9007| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
9008| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
9009| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
9010| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
9011| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
9012| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
9013| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
9014| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
9015| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
9016| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
9017| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
9018| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
9019| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
9020| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
9021| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
9022| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
9023| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
9024| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
9025| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
9026| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
9027| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
9028| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
9029| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
9030| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
9031| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9032| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
9033| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
9034| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
9035| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
9036| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
9037| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
9038| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
9039| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
9040| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
9041| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
9042| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
9043| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
9044| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
9045| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
9046| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
9047| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
9048| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
9049| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
9050| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
9051|
9052| SecurityFocus - https://www.securityfocus.com/bid/:
9053| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
9054| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
9055| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
9056| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
9057| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
9058| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
9059| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
9060| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
9061| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
9062| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
9063| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
9064| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
9065| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
9066| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
9067| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
9068| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
9069| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
9070| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
9071| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
9072| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
9073| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
9074| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
9075| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
9076| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
9077| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
9078| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
9079| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
9080| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
9081| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
9082| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
9083| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
9084| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
9085| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
9086| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
9087| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
9088| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
9089| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
9090| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
9091| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
9092| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
9093| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
9094| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
9095| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
9096| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
9097| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
9098| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
9099| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
9100| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
9101| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
9102| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
9103| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
9104| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
9105| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
9106| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
9107| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
9108| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
9109| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
9110| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
9111| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
9112| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
9113| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
9114| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
9115| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
9116| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
9117| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
9118| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
9119| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
9120| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
9121| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
9122| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
9123| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
9124| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
9125| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
9126| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
9127| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
9128| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
9129| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
9130| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
9131| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
9132| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
9133| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
9134| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
9135| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
9136| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
9137| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
9138| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
9139| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
9140| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
9141| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
9142| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
9143| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
9144| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
9145| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
9146| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
9147| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
9148| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
9149| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
9150| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
9151| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
9152| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
9153| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
9154| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
9155| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
9156| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
9157| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
9593| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
9594| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
9595| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
9596| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
9597| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
9598| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
9599| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
9600| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
9601| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
9602| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
9603| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
9604| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
9605| [59670] Apache VCL Multiple Input Validation Vulnerabilities
9606| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
9607| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
9608| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
9609| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
9610| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
9611| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
9612| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
9613| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
9614| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
9615| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
9616| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
9617| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
9618| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
9619| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
9620| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
9621| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
9622| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
9623| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
9624| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
9625| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
9626| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
9627| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
9628| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
9629| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
9630| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
9631| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
9632| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
9633| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
9634| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
9635| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
9636| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
9637| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
9638| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
9639| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
9640| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
9641| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
9642| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
9643| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
9644| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
9645| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
9646| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
9647| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
9648| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
9982| [5485] Apache 2.0 Path Disclosure Vulnerability
9983| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
9984| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
9985| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
9986| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
9987| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
9988| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
9989| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
9990| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
9991| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
9992| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
9993| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
9994| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
9995| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
9996| [4437] Apache Error Message Cross-Site Scripting Vulnerability
9997| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
9998| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
9999| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
10000| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
10001| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
10002| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
10003| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
10004| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
10005| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
10006| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
10007| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
10008| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
10009| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
10010| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
10011| [3596] Apache Split-Logfile File Append Vulnerability
10012| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
10013| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
10014| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
10015| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
10016| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
10017| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
10018| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
10019| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
10020| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
10021| [3169] Apache Server Address Disclosure Vulnerability
10022| [3009] Apache Possible Directory Index Disclosure Vulnerability
10023| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
10024| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
10025| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
10026| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
10027| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
10028| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
10029| [2216] Apache Web Server DoS Vulnerability
10030| [2182] Apache /tmp File Race Vulnerability
10031| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
10032| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
10033| [1821] Apache mod_cookies Buffer Overflow Vulnerability
10034| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
10035| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
10036| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
10037| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
10038| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
10039| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
10040| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
10041| [1457] Apache::ASP source.asp Example Script Vulnerability
10042| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
10043| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
10044|
10045| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10046| [86258] Apache CloudStack text fields cross-site scripting
10047| [85983] Apache Subversion mod_dav_svn module denial of service
10048| [85875] Apache OFBiz UEL code execution
10049| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
10050| [85871] Apache HTTP Server mod_session_dbd unspecified
10051| [85756] Apache Struts OGNL expression command execution
10052| [85755] Apache Struts DefaultActionMapper class open redirect
10053| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
10054| [85574] Apache HTTP Server mod_dav denial of service
10055| [85573] Apache Struts Showcase App OGNL code execution
10056| [85496] Apache CXF denial of service
10057| [85423] Apache Geronimo RMI classloader code execution
10058| [85326] Apache Santuario XML Security for C++ buffer overflow
10059| [85323] Apache Santuario XML Security for Java spoofing
10060| [85319] Apache Qpid Python client SSL spoofing
10061| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
10062| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
10063| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
10064| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
10065| [84952] Apache Tomcat CVE-2012-3544 denial of service
10066| [84763] Apache Struts CVE-2013-2135 security bypass
10067| [84762] Apache Struts CVE-2013-2134 security bypass
10068| [84719] Apache Subversion CVE-2013-2088 command execution
10069| [84718] Apache Subversion CVE-2013-2112 denial of service
10070| [84717] Apache Subversion CVE-2013-1968 denial of service
10071| [84577] Apache Tomcat security bypass
10072| [84576] Apache Tomcat symlink
10073| [84543] Apache Struts CVE-2013-2115 security bypass
10074| [84542] Apache Struts CVE-2013-1966 security bypass
10075| [84154] Apache Tomcat session hijacking
10076| [84144] Apache Tomcat denial of service
10077| [84143] Apache Tomcat information disclosure
10078| [84111] Apache HTTP Server command execution
10079| [84043] Apache Virtual Computing Lab cross-site scripting
10080| [84042] Apache Virtual Computing Lab cross-site scripting
10081| [83782] Apache CloudStack information disclosure
10082| [83781] Apache CloudStack security bypass
10083| [83720] Apache ActiveMQ cross-site scripting
10084| [83719] Apache ActiveMQ denial of service
10085| [83718] Apache ActiveMQ denial of service
10086| [83263] Apache Subversion denial of service
10087| [83262] Apache Subversion denial of service
10088| [83261] Apache Subversion denial of service
10089| [83259] Apache Subversion denial of service
10090| [83035] Apache mod_ruid2 security bypass
10091| [82852] Apache Qpid federation_tag security bypass
10092| [82851] Apache Qpid qpid::framing::Buffer denial of service
10093| [82758] Apache Rave User RPC API information disclosure
10094| [82663] Apache Subversion svn_fs_file_length() denial of service
10095| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
10096| [82641] Apache Qpid AMQP denial of service
10097| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
10098| [82618] Apache Commons FileUpload symlink
10099| [82360] Apache HTTP Server manager interface cross-site scripting
10100| [82359] Apache HTTP Server hostnames cross-site scripting
10101| [82338] Apache Tomcat log/logdir information disclosure
10102| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
10103| [82268] Apache OpenJPA deserialization command execution
10104| [81981] Apache CXF UsernameTokens security bypass
10105| [81980] Apache CXF WS-Security security bypass
10106| [81398] Apache OFBiz cross-site scripting
10107| [81240] Apache CouchDB directory traversal
10108| [81226] Apache CouchDB JSONP code execution
10109| [81225] Apache CouchDB Futon user interface cross-site scripting
10110| [81211] Apache Axis2/C SSL spoofing
10111| [81167] Apache CloudStack DeployVM information disclosure
10112| [81166] Apache CloudStack AddHost API information disclosure
10113| [81165] Apache CloudStack createSSHKeyPair API information disclosure
10114| [80518] Apache Tomcat cross-site request forgery security bypass
10115| [80517] Apache Tomcat FormAuthenticator security bypass
10116| [80516] Apache Tomcat NIO denial of service
10117| [80408] Apache Tomcat replay-countermeasure security bypass
10118| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
10119| [80317] Apache Tomcat slowloris denial of service
10120| [79984] Apache Commons HttpClient SSL spoofing
10121| [79983] Apache CXF SSL spoofing
10122| [79830] Apache Axis2/Java SSL spoofing
10123| [79829] Apache Axis SSL spoofing
10124| [79809] Apache Tomcat DIGEST security bypass
10125| [79806] Apache Tomcat parseHeaders() denial of service
10126| [79540] Apache OFBiz unspecified
10127| [79487] Apache Axis2 SAML security bypass
10128| [79212] Apache Cloudstack code execution
10129| [78734] Apache CXF SOAP Action security bypass
10130| [78730] Apache Qpid broker denial of service
10131| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
10132| [78563] Apache mod_pagespeed module unspecified cross-site scripting
10133| [78562] Apache mod_pagespeed module security bypass
10134| [78454] Apache Axis2 security bypass
10135| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
10136| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
10137| [78321] Apache Wicket unspecified cross-site scripting
10138| [78183] Apache Struts parameters denial of service
10139| [78182] Apache Struts cross-site request forgery
10140| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
10141| [77987] mod_rpaf module for Apache denial of service
10142| [77958] Apache Struts skill name code execution
10143| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
10144| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
10145| [77568] Apache Qpid broker security bypass
10146| [77421] Apache Libcloud spoofing
10147| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
10148| [77046] Oracle Solaris Apache HTTP Server information disclosure
10149| [76837] Apache Hadoop information disclosure
10150| [76802] Apache Sling CopyFrom denial of service
10151| [76692] Apache Hadoop symlink
10152| [76535] Apache Roller console cross-site request forgery
10153| [76534] Apache Roller weblog cross-site scripting
10154| [76152] Apache CXF elements security bypass
10155| [76151] Apache CXF child policies security bypass
10156| [75983] MapServer for Windows Apache file include
10157| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
10158| [75558] Apache POI denial of service
10159| [75545] PHP apache_request_headers() buffer overflow
10160| [75302] Apache Qpid SASL security bypass
10161| [75211] Debian GNU/Linux apache 2 cross-site scripting
10162| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
10163| [74871] Apache OFBiz FlexibleStringExpander code execution
10164| [74870] Apache OFBiz multiple cross-site scripting
10165| [74750] Apache Hadoop unspecified spoofing
10166| [74319] Apache Struts XSLTResult.java file upload
10167| [74313] Apache Traffic Server header buffer overflow
10168| [74276] Apache Wicket directory traversal
10169| [74273] Apache Wicket unspecified cross-site scripting
10170| [74181] Apache HTTP Server mod_fcgid module denial of service
10171| [73690] Apache Struts OGNL code execution
10172| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
10173| [73100] Apache MyFaces in directory traversal
10174| [73096] Apache APR hash denial of service
10175| [73052] Apache Struts name cross-site scripting
10176| [73030] Apache CXF UsernameToken security bypass
10177| [72888] Apache Struts lastName cross-site scripting
10178| [72758] Apache HTTP Server httpOnly information disclosure
10179| [72757] Apache HTTP Server MPM denial of service
10180| [72585] Apache Struts ParameterInterceptor security bypass
10181| [72438] Apache Tomcat Digest security bypass
10182| [72437] Apache Tomcat Digest security bypass
10183| [72436] Apache Tomcat DIGEST security bypass
10184| [72425] Apache Tomcat parameter denial of service
10185| [72422] Apache Tomcat request object information disclosure
10186| [72377] Apache HTTP Server scoreboard security bypass
10187| [72345] Apache HTTP Server HTTP request denial of service
10188| [72229] Apache Struts ExceptionDelegator command execution
10189| [72089] Apache Struts ParameterInterceptor directory traversal
10190| [72088] Apache Struts CookieInterceptor command execution
10191| [72047] Apache Geronimo hash denial of service
10192| [72016] Apache Tomcat hash denial of service
10193| [71711] Apache Struts OGNL expression code execution
10194| [71654] Apache Struts interfaces security bypass
10195| [71620] Apache ActiveMQ failover denial of service
10196| [71617] Apache HTTP Server mod_proxy module information disclosure
10197| [71508] Apache MyFaces EL security bypass
10198| [71445] Apache HTTP Server mod_proxy security bypass
10199| [71203] Apache Tomcat servlets privilege escalation
10200| [71181] Apache HTTP Server ap_pregsub() denial of service
10201| [71093] Apache HTTP Server ap_pregsub() buffer overflow
10202| [70336] Apache HTTP Server mod_proxy information disclosure
10203| [69804] Apache HTTP Server mod_proxy_ajp denial of service
10204| [69472] Apache Tomcat AJP security bypass
10205| [69396] Apache HTTP Server ByteRange filter denial of service
10206| [69394] Apache Wicket multi window support cross-site scripting
10207| [69176] Apache Tomcat XML information disclosure
10208| [69161] Apache Tomcat jsvc information disclosure
10209| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
10210| [68541] Apache Tomcat sendfile information disclosure
10211| [68420] Apache XML Security denial of service
10212| [68238] Apache Tomcat JMX information disclosure
10213| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
10214| [67804] Apache Subversion control rules information disclosure
10215| [67803] Apache Subversion control rules denial of service
10216| [67802] Apache Subversion baselined denial of service
10217| [67672] Apache Archiva multiple cross-site scripting
10218| [67671] Apache Archiva multiple cross-site request forgery
10219| [67564] Apache APR apr_fnmatch() denial of service
10220| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
10221| [67515] Apache Tomcat annotations security bypass
10222| [67480] Apache Struts s:submit information disclosure
10223| [67414] Apache APR apr_fnmatch() denial of service
10224| [67356] Apache Struts javatemplates cross-site scripting
10225| [67354] Apache Struts Xwork cross-site scripting
10226| [66676] Apache Tomcat HTTP BIO information disclosure
10227| [66675] Apache Tomcat web.xml security bypass
10228| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
10229| [66241] Apache HttpComponents information disclosure
10230| [66154] Apache Tomcat ServletSecurity security bypass
10231| [65971] Apache Tomcat ServletSecurity security bypass
10232| [65876] Apache Subversion mod_dav_svn denial of service
10233| [65343] Apache Continuum unspecified cross-site scripting
10234| [65162] Apache Tomcat NIO connector denial of service
10235| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
10236| [65160] Apache Tomcat HTML Manager interface cross-site scripting
10237| [65159] Apache Tomcat ServletContect security bypass
10238| [65050] Apache CouchDB web-based administration UI cross-site scripting
10239| [64773] Oracle HTTP Server Apache Plugin unauthorized access
10240| [64473] Apache Subversion blame -g denial of service
10241| [64472] Apache Subversion walk() denial of service
10242| [64407] Apache Axis2 CVE-2010-0219 code execution
10243| [63926] Apache Archiva password privilege escalation
10244| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
10245| [63493] Apache Archiva credentials cross-site request forgery
10246| [63477] Apache Tomcat HttpOnly session hijacking
10247| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
10248| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
10249| [62959] Apache Shiro filters security bypass
10250| [62790] Apache Perl cgi module denial of service
10251| [62576] Apache Qpid exchange denial of service
10252| [62575] Apache Qpid AMQP denial of service
10253| [62354] Apache Qpid SSL denial of service
10254| [62235] Apache APR-util apr_brigade_split_line() denial of service
10255| [62181] Apache XML-RPC SAX Parser information disclosure
10256| [61721] Apache Traffic Server cache poisoning
10257| [61202] Apache Derby BUILTIN authentication functionality information disclosure
10258| [61186] Apache CouchDB Futon cross-site request forgery
10259| [61169] Apache CXF DTD denial of service
10260| [61070] Apache Jackrabbit search.jsp SQL injection
10261| [61006] Apache SLMS Quoting cross-site request forgery
10262| [60962] Apache Tomcat time cross-site scripting
10263| [60883] Apache mod_proxy_http information disclosure
10264| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
10265| [60264] Apache Tomcat Transfer-Encoding denial of service
10266| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
10267| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
10268| [59413] Apache mod_proxy_http timeout information disclosure
10269| [59058] Apache MyFaces unencrypted view state cross-site scripting
10270| [58827] Apache Axis2 xsd file include
10271| [58790] Apache Axis2 modules cross-site scripting
10272| [58299] Apache ActiveMQ queueBrowse cross-site scripting
10273| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
10274| [58056] Apache ActiveMQ .jsp source code disclosure
10275| [58055] Apache Tomcat realm name information disclosure
10276| [58046] Apache HTTP Server mod_auth_shadow security bypass
10277| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
10278| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
10279| [57429] Apache CouchDB algorithms information disclosure
10280| [57398] Apache ActiveMQ Web console cross-site request forgery
10281| [57397] Apache ActiveMQ createDestination.action cross-site scripting
10282| [56653] Apache HTTP Server DNS spoofing
10283| [56652] Apache HTTP Server DNS cross-site scripting
10284| [56625] Apache HTTP Server request header information disclosure
10285| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
10286| [56623] Apache HTTP Server mod_proxy_ajp denial of service
10287| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
10288| [55857] Apache Tomcat WAR files directory traversal
10289| [55856] Apache Tomcat autoDeploy attribute security bypass
10290| [55855] Apache Tomcat WAR directory traversal
10291| [55210] Intuit component for Joomla! Apache information disclosure
10292| [54533] Apache Tomcat 404 error page cross-site scripting
10293| [54182] Apache Tomcat admin default password
10294| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
10295| [53666] Apache HTTP Server Solaris pollset support denial of service
10296| [53650] Apache HTTP Server HTTP basic-auth module security bypass
10297| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
10298| [53041] mod_proxy_ftp module for Apache denial of service
10299| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
10300| [51953] Apache Tomcat Path Disclosure
10301| [51952] Apache Tomcat Path Traversal
10302| [51951] Apache stronghold-status Information Disclosure
10303| [51950] Apache stronghold-info Information Disclosure
10304| [51949] Apache PHP Source Code Disclosure
10305| [51948] Apache Multiviews Attack
10306| [51946] Apache JServ Environment Status Information Disclosure
10307| [51945] Apache error_log Information Disclosure
10308| [51944] Apache Default Installation Page Pattern Found
10309| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
10310| [51942] Apache AXIS XML External Entity File Retrieval
10311| [51941] Apache AXIS Sample Servlet Information Leak
10312| [51940] Apache access_log Information Disclosure
10313| [51626] Apache mod_deflate denial of service
10314| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
10315| [51365] Apache Tomcat RequestDispatcher security bypass
10316| [51273] Apache HTTP Server Incomplete Request denial of service
10317| [51195] Apache Tomcat XML information disclosure
10318| [50994] Apache APR-util xml/apr_xml.c denial of service
10319| [50993] Apache APR-util apr_brigade_vprintf denial of service
10320| [50964] Apache APR-util apr_strmatch_precompile() denial of service
10321| [50930] Apache Tomcat j_security_check information disclosure
10322| [50928] Apache Tomcat AJP denial of service
10323| [50884] Apache HTTP Server XML ENTITY denial of service
10324| [50808] Apache HTTP Server AllowOverride privilege escalation
10325| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
10326| [50059] Apache mod_proxy_ajp information disclosure
10327| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
10328| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
10329| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
10330| [49921] Apache ActiveMQ Web interface cross-site scripting
10331| [49898] Apache Geronimo Services/Repository directory traversal
10332| [49725] Apache Tomcat mod_jk module information disclosure
10333| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
10334| [49712] Apache Struts unspecified cross-site scripting
10335| [49213] Apache Tomcat cal2.jsp cross-site scripting
10336| [48934] Apache Tomcat POST doRead method information disclosure
10337| [48211] Apache Tomcat header HTTP request smuggling
10338| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
10339| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
10340| [47709] Apache Roller "
10341| [47104] Novell Netware ApacheAdmin console security bypass
10342| [47086] Apache HTTP Server OS fingerprinting unspecified
10343| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
10344| [45791] Apache Tomcat RemoteFilterValve security bypass
10345| [44435] Oracle WebLogic Apache Connector buffer overflow
10346| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
10347| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
10348| [44156] Apache Tomcat RequestDispatcher directory traversal
10349| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
10350| [43885] Oracle WebLogic Server Apache Connector buffer overflow
10351| [42987] Apache HTTP Server mod_proxy module denial of service
10352| [42915] Apache Tomcat JSP files path disclosure
10353| [42914] Apache Tomcat MS-DOS path disclosure
10354| [42892] Apache Tomcat unspecified unauthorized access
10355| [42816] Apache Tomcat Host Manager cross-site scripting
10356| [42303] Apache 403 error cross-site scripting
10357| [41618] Apache-SSL ExpandCert() authentication bypass
10358| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
10359| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
10360| [40614] Apache mod_jk2 HTTP Host header buffer overflow
10361| [40562] Apache Geronimo init information disclosure
10362| [40478] Novell Web Manager webadmin-apache.conf security bypass
10363| [40411] Apache Tomcat exception handling information disclosure
10364| [40409] Apache Tomcat native (APR based) connector weak security
10365| [40403] Apache Tomcat quotes and %5C cookie information disclosure
10366| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
10367| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
10368| [39867] Apache HTTP Server mod_negotiation cross-site scripting
10369| [39804] Apache Tomcat SingleSignOn information disclosure
10370| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
10371| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
10372| [39608] Apache HTTP Server balancer manager cross-site request forgery
10373| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
10374| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
10375| [39472] Apache HTTP Server mod_status cross-site scripting
10376| [39201] Apache Tomcat JULI logging weak security
10377| [39158] Apache HTTP Server Windows SMB shares information disclosure
10378| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
10379| [38951] Apache::AuthCAS Perl module cookie SQL injection
10380| [38800] Apache HTTP Server 413 error page cross-site scripting
10381| [38211] Apache Geronimo SQLLoginModule authentication bypass
10382| [37243] Apache Tomcat WebDAV directory traversal
10383| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
10384| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
10385| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
10386| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
10387| [36782] Apache Geronimo MEJB unauthorized access
10388| [36586] Apache HTTP Server UTF-7 cross-site scripting
10389| [36468] Apache Geronimo LoginModule security bypass
10390| [36467] Apache Tomcat functions.jsp cross-site scripting
10391| [36402] Apache Tomcat calendar cross-site request forgery
10392| [36354] Apache HTTP Server mod_proxy module denial of service
10393| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
10394| [36336] Apache Derby lock table privilege escalation
10395| [36335] Apache Derby schema privilege escalation
10396| [36006] Apache Tomcat "
10397| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
10398| [35999] Apache Tomcat \"
10399| [35795] Apache Tomcat CookieExample cross-site scripting
10400| [35536] Apache Tomcat SendMailServlet example cross-site scripting
10401| [35384] Apache HTTP Server mod_cache module denial of service
10402| [35097] Apache HTTP Server mod_status module cross-site scripting
10403| [35095] Apache HTTP Server Prefork MPM module denial of service
10404| [34984] Apache HTTP Server recall_headers information disclosure
10405| [34966] Apache HTTP Server MPM content spoofing
10406| [34965] Apache HTTP Server MPM information disclosure
10407| [34963] Apache HTTP Server MPM multiple denial of service
10408| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
10409| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
10914| [800680] Apache APR Version Detection
10915| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
10916| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
10917| [800677] Apache Roller Version Detection
10918| [800279] Apache mod_jk Module Version Detection
10919| [800278] Apache Struts Cross Site Scripting Vulnerability
10920| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
10921| [800276] Apache Struts Version Detection
10922| [800271] Apache Struts Directory Traversal Vulnerability
10923| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
10924| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
10925| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
10926| [103122] Apache Web Server ETag Header Information Disclosure Weakness
10927| [103074] Apache Continuum Cross Site Scripting Vulnerability
10928| [103073] Apache Continuum Detection
10929| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
10930| [101023] Apache Open For Business Weak Password security check
10931| [101020] Apache Open For Business HTML injection vulnerability
10932| [101019] Apache Open For Business service detection
10933| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
10934| [100923] Apache Archiva Detection
10935| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
10936| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
10937| [100813] Apache Axis2 Detection
10938| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
10939| [100795] Apache Derby Detection
10940| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
10941| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
10942| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
10943| [100514] Apache Multiple Security Vulnerabilities
10944| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
10945| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10946| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
10947| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10948| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
11314| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
11315| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
11316| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
11317| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
11318| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
11319| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
11320| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
11321| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
11322| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
11323| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
11324| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
11325| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
11326| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
11327|
11328| OSVDB - http://www.osvdb.org:
11329| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
11330| [96077] Apache CloudStack Global Settings Multiple Field XSS
11331| [96076] Apache CloudStack Instances Menu Display Name Field XSS
11332| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
11333| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
11334| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
11335| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
11336| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
11337| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
11338| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
11339| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
11340| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
11341| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11342| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
11343| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
11344| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
11345| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
11346| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11347| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
11348| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
11349| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
11350| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
11351| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
11352| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
11353| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
11354| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
11355| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
11356| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
11357| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
11358| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
11359| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
11360| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
11361| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
11362| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
11363| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
11364| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
11365| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
11366| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
11367| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
11368| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
11369| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
11370| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
11371| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
11372| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
11373| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
11374| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
11375| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
11376| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
11377| [94279] Apache Qpid CA Certificate Validation Bypass
11378| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
11379| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
11380| [94042] Apache Axis JAX-WS Java Unspecified Exposure
11381| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
11382| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
11383| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
11384| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
11385| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
11386| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
11387| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
11388| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
11389| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
11390| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
11391| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
11392| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
11393| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
11394| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
11395| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
11396| [93541] Apache Solr json.wrf Callback XSS
11397| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
11398| [93521] Apache jUDDI Security API Token Session Persistence Weakness
11399| [93520] Apache CloudStack Default SSL Key Weakness
11400| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
11401| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
11402| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
11403| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
11404| [93515] Apache HBase table.jsp name Parameter XSS
11405| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
11406| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
11407| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
11408| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
11409| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
11410| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
11411| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
11412| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
11413| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
11414| [93252] Apache Tomcat FORM Authenticator Session Fixation
11415| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11416| [93171] Apache Sling HtmlResponse Error Message XSS
11417| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11418| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
11419| [93168] Apache Click ErrorReport.java id Parameter XSS
11420| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
11421| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
11422| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
11423| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
11424| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
11425| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
11426| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
11427| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
11428| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
11429| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
11430| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
11431| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
11432| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
11433| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
11434| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
11435| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
11436| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
11437| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
11438| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
11439| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
11440| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
11441| [93144] Apache Solr Admin Command Execution CSRF
11442| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
11443| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
11444| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
11445| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
11446| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
11447| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
11448| [92748] Apache CloudStack VM Console Access Restriction Bypass
11449| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
11450| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
11451| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
11452| [92706] Apache ActiveMQ Debug Log Rendering XSS
11453| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
11454| [92270] Apache Tomcat Unspecified CSRF
11455| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
11456| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
11457| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
11458| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
11459| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
11460| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
11461| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
11462| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
11463| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
11464| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
11465| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
11466| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
11467| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
11468| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
11469| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
11470| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
11471| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
11472| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
11473| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
11474| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
11475| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
11476| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
11477| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
11478| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
11479| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
11480| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
11481| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
11482| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
11483| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
11484| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
11485| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
11486| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
11487| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
11488| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
11489| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
11490| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
11491| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
11492| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
11493| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
11494| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
11495| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
11496| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
11497| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
11498| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
11499| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
11500| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
11501| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
11502| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
11503| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
11504| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
11505| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
11506| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
11507| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
11508| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
11509| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
11510| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
11511| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
11512| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
11513| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
11514| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
11515| [86901] Apache Tomcat Error Message Path Disclosure
11516| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
11517| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
11518| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
11519| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
11520| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
11521| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
11522| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
11523| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
11524| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
11525| [85430] Apache mod_pagespeed Module Unspecified XSS
11526| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
11527| [85249] Apache Wicket Unspecified XSS
11528| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
11529| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
11530| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
11531| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
11532| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
11533| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
11534| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
11535| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
11536| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
11537| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
11538| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
11539| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
11540| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
11541| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
11542| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
11543| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
11544| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
11545| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
11546| [83339] Apache Roller Blogger Roll Unspecified XSS
11547| [83270] Apache Roller Unspecified Admin Action CSRF
11548| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
11549| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
11550| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
11551| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
11552| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
11553| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
11554| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
11555| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
11556| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
11557| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
11558| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
11559| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
11560| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
11561| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
11562| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
11563| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
11564| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
11565| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
11566| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
11567| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
11568| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
11569| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
11570| [80300] Apache Wicket wicket:pageMapName Parameter XSS
11571| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
11572| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
11573| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
11574| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
11575| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
11576| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
11577| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
11578| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
11579| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
11580| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
11581| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
11582| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
11583| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
11584| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
11585| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
11586| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
11587| [78331] Apache Tomcat Request Object Recycling Information Disclosure
11588| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
11589| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
11590| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
11591| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
11592| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
11593| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
11594| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
11595| [77593] Apache Struts Conversion Error OGNL Expression Injection
11596| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
11597| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
11598| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
11599| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
11600| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
11601| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
11602| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
11603| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
11604| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
11605| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
11606| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
11607| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
12029| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
12030| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
12031| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
12032| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
12033| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
12034| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
12035| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
12036| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
12037| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
12038| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
12039| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
12040| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
12041| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
12042| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
12043| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
12044| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
12045| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
12046| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
12047| [32724] Apache mod_python _filter_read Freed Memory Disclosure
12048| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
12049| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
12050| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
12051| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
12052| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
12053| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
12054| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
12055| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
12056| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
12057| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
12058| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
12059| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
12060| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
12061| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
12062| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
12063| [24365] Apache Struts Multiple Function Error Message XSS
12064| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
12065| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
12066| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
12067| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
12068| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
12069| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
12070| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
12071| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
12072| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
12073| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
12074| [22459] Apache Geronimo Error Page XSS
12075| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
12076| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
12077| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
12078| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
12079| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
12080| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
12081| [21021] Apache Struts Error Message XSS
12082| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
12083| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
12084| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
12085| [20439] Apache Tomcat Directory Listing Saturation DoS
12086| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
12087| [20285] Apache HTTP Server Log File Control Character Injection
12088| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
12089| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
12090| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
12091| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
12092| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
12093| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
12094| [19821] Apache Tomcat Malformed Post Request Information Disclosure
12095| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
12096| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
12097| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
12098| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
12099| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
12100| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
12101| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
12102| [18233] Apache HTTP Server htdigest user Variable Overfow
12103| [17738] Apache HTTP Server HTTP Request Smuggling
12104| [16586] Apache HTTP Server Win32 GET Overflow DoS
12105| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
12106| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
12107| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
12108| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
12109| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
12110| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
12111| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
12112| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
12113| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
12114| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
12115| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
12116| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
12117| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
12118| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
12119| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
12120| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
12121| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
12122| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
12123| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
12124| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
12125| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
12126| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
12127| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
12128| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
12129| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
12130| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
12131| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
12132| [13304] Apache Tomcat realPath.jsp Path Disclosure
12133| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
12134| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
12135| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
12136| [12848] Apache HTTP Server htdigest realm Variable Overflow
12137| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
12138| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
12139| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
12140| [12557] Apache HTTP Server prefork MPM accept Error DoS
12141| [12233] Apache Tomcat MS-DOS Device Name Request DoS
12142| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
12143| [12231] Apache Tomcat web.xml Arbitrary File Access
12144| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
12145| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
12146| [12178] Apache Jakarta Lucene results.jsp XSS
12147| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
12148| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
12149| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
12150| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
12151| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
12152| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
12153| [10471] Apache Xerces-C++ XML Parser DoS
12154| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
12155| [10068] Apache HTTP Server htpasswd Local Overflow
12156| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
12157| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
12158| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
12159| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
12160| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
12161| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
12162| [9717] Apache HTTP Server mod_cookies Cookie Overflow
12163| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
12164| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
12165| [9714] Apache Authentication Module Threaded MPM DoS
12166| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
12167| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
12168| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
12169| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
12170| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
12171| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
12172| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
12173| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
12174| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
12175| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
12176| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
12177| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
12178| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
12179| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
12180| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
12181| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
12182| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
12183| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
12184| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
12185| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
12186| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
12187| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
12188| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
12189| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
12190| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
12191| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
12192| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
12193| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12194| [9208] Apache Tomcat .jsp Encoded Newline XSS
12195| [9204] Apache Tomcat ROOT Application XSS
12196| [9203] Apache Tomcat examples Application XSS
12197| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12198| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12199| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12200| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12201| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12202| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12203| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12204| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12205| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12206| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12207| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12208| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12209| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12210| [7611] Apache HTTP Server mod_alias Local Overflow
12211| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12212| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12213| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12214| [6882] Apache mod_python Malformed Query String Variant DoS
12215| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12216| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12217| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12218| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12219| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12220| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12221| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12222| [5278] Apache Tomcat web.xml Restriction Bypass
12223| [5051] Apache Tomcat Null Character DoS
12224| [4973] Apache Tomcat servlet Mapping XSS
12225| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12226| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12227| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12228| [4568] mod_survey For Apache ENV Tags SQL Injection
12229| [4553] Apache HTTP Server ApacheBench Overflow DoS
12230| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12231| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12232| [4383] Apache HTTP Server Socket Race Condition DoS
12233| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12234| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12235| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12236| [4231] Apache Cocoon Error Page Server Path Disclosure
12237| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12238| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12239| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12240| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12241| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12242| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12243| [3322] mod_php for Apache HTTP Server Process Hijack
12244| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12245| [2885] Apache mod_python Malformed Query String DoS
12246| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
12247| [2733] Apache HTTP Server mod_rewrite Local Overflow
12248| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
12249| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
12250| [2149] Apache::Gallery Privilege Escalation
12251| [2107] Apache HTTP Server mod_ssl Host: Header XSS
12252| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
12253| [1833] Apache HTTP Server Multiple Slash GET Request DoS
12254| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
12255| [872] Apache Tomcat Multiple Default Accounts
12256| [862] Apache HTTP Server SSI Error Page XSS
12257| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
12258| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
12259| [845] Apache Tomcat MSDOS Device XSS
12260| [844] Apache Tomcat Java Servlet Error Page XSS
12261| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
12262| [838] Apache HTTP Server Chunked Encoding Remote Overflow
12263| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
12264| [775] Apache mod_python Module Importing Privilege Function Execution
12265| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
12266| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
12267| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
12268| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
12269| [637] Apache HTTP Server UserDir Directive Username Enumeration
12270| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
12271| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
12272| [562] Apache HTTP Server mod_info /server-info Information Disclosure
12273| [561] Apache Web Servers mod_status /server-status Information Disclosure
12274| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
12275| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
12276| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
12277| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
12278| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
12279| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
12280| [376] Apache Tomcat contextAdmin Arbitrary File Access
12281| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
12282| [222] Apache HTTP Server test-cgi Arbitrary File Access
12283| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
12284| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
12285|_
12286 113/tcp closed ident
12287 139/tcp closed netbios-ssn
12288 443/tcp open ssl/http Apache httpd
12289|_http-server-header: Apache
12290| vulscan: VulDB - https://vuldb.com:
12291| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
12292| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
12293| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
12294| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
12295| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
12296| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
12297| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
12298| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
12299| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
12300| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
12301| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
12302| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
12303| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
12304| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
12305| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
12306| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
12307| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
12308| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
12309| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
12310| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
12311| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
12312| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
12313| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
12314| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
12315| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
12316| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
12317| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
12318| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
12319| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
12320| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
12321| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
12322| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
12323| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
12324| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
12325| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
12326| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
12327| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
12328| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
12329| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
12330| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
12331| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
12332| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
12333| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
12334| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
12335| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
12336| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
12337| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
12338| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
12339| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
12340| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
12341| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
12342| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
12343| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
12344| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
12345| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
12346| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
12347| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
12348| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
12349| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
12350| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
12351| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
12352| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
12353| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
12354| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
12355| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
12356| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12357| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
12358| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
12359| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
12360| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
12361| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
12362| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
12363| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
12364| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
12365| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
12366| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
12367| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
12368| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
12369| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
12370| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
12371| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
12372| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
12373| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
12374| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
12375| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
12376| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
12377| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
12378| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
12379| [136370] Apache Fineract up to 1.2.x sql injection
12380| [136369] Apache Fineract up to 1.2.x sql injection
12381| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
12382| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
12383| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
12384| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
12385| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
12386| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
12387| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
12388| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
12389| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
12390| [134416] Apache Sanselan 0.97-incubator Loop denial of service
12391| [134415] Apache Sanselan 0.97-incubator Hang denial of service
12392| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
12393| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
12394| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
12395| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
12396| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
12397| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
12398| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
12399| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
12400| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
12401| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
12402| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
12403| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
12404| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
12405| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
12406| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
12407| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
12408| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
12409| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
12410| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
12411| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
12412| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
12413| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
12414| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
12415| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
12416| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
12417| [131859] Apache Hadoop up to 2.9.1 privilege escalation
12418| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
12419| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
12420| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
12421| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
12422| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
12423| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
12424| [130629] Apache Guacamole Cookie Flag weak encryption
12425| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
12426| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
12427| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
12428| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
12429| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
12430| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
12431| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
12432| [130123] Apache Airflow up to 1.8.2 information disclosure
12433| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
12434| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
12435| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
12436| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
12437| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12438| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12439| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12440| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
12441| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
12442| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
12443| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
12444| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
12445| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
12446| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
12447| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
12448| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
12449| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
12450| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
12451| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12452| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
12453| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12454| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
12455| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
12456| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
12457| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
12458| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
12459| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
12460| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
12461| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
12462| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
12463| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
12464| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
12465| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
12466| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
12467| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
12468| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
12469| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
12470| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
12471| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
12472| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
12473| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
12474| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
12475| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
12476| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
12477| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
12478| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
12479| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
12480| [127007] Apache Spark Request Code Execution
12481| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
12482| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
12483| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
12484| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
12485| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
12486| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
12487| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
12488| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
12489| [126346] Apache Tomcat Path privilege escalation
12490| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
12491| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
12492| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
12493| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
12494| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
12495| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
12496| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
12497| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
12498| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
12499| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
12500| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
12501| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
12502| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
12503| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
12504| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
12505| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
12506| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
12507| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
12508| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
12509| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
12510| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
12511| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
12512| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
12513| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
12514| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
12515| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
12516| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
12517| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
12518| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
12519| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
12520| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
12521| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
12522| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
12523| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
12524| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
12525| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
12526| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
12527| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
12528| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
12529| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
12530| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
12531| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
12532| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
12533| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
12534| [123197] Apache Sentry up to 2.0.0 privilege escalation
12535| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
12536| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
12537| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
12538| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
12539| [122800] Apache Spark 1.3.0 REST API weak authentication
12540| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
12541| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
12542| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
12543| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
12544| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
12545| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
12546| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
12547| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
12548| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
12549| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
12550| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
12551| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
12552| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
12553| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
12554| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
12555| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
12556| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
12557| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
12558| [121354] Apache CouchDB HTTP API Code Execution
12559| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
12560| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
12561| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
12562| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
12563| [120168] Apache CXF weak authentication
12564| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
12565| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
12566| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
12567| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
12568| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
12569| [119306] Apache MXNet Network Interface privilege escalation
12570| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
12571| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
12572| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
12573| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
12574| [118143] Apache NiFi activemq-client Library Deserialization denial of service
12575| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
12576| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
12577| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
12578| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
12579| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
12580| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
12581| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
12582| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
12583| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
12584| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
12585| [117115] Apache Tika up to 1.17 tika-server command injection
12586| [116929] Apache Fineract getReportType Parameter privilege escalation
12587| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
12588| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
12589| [116926] Apache Fineract REST Parameter privilege escalation
12590| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
12591| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
12592| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
12593| [115883] Apache Hive up to 2.3.2 privilege escalation
12594| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
12595| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
12596| [115518] Apache Ignite 2.3 Deserialization privilege escalation
12597| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
12598| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
12599| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
12600| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
12601| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
12602| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
12603| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
12604| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
12605| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
12606| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
12607| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
12608| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
12609| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
12610| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
12611| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
12612| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
12613| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
12614| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
12615| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
12616| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
12617| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
12618| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
12619| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
12620| [113895] Apache Geode up to 1.3.x Code Execution
12621| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
12622| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
12623| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
12624| [113747] Apache Tomcat Servlets privilege escalation
12625| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
12626| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
12627| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
12628| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
12629| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
12630| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
12631| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
12632| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
12633| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
12634| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
12635| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
12636| [112885] Apache Allura up to 1.8.0 File information disclosure
12637| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
12638| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
12639| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
12640| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
12641| [112625] Apache POI up to 3.16 Loop denial of service
12642| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
12643| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
12644| [112339] Apache NiFi 1.5.0 Header privilege escalation
12645| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
12646| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
12647| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
12648| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
12649| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
12650| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
12651| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
12652| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
12653| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
12654| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
12655| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
12656| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
12657| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
12658| [112114] Oracle 9.1 Apache Log4j privilege escalation
12659| [112113] Oracle 9.1 Apache Log4j privilege escalation
12660| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
12661| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
12662| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
12663| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
12664| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
12665| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
12666| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
12667| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
12668| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
12669| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
12670| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
12671| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
12672| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
12673| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
12674| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
12675| [110701] Apache Fineract Query Parameter sql injection
12676| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
12677| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
12678| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
12679| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
12680| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
12681| [110106] Apache CXF Fediz Spring cross site request forgery
12682| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
12683| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
12684| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
12685| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
12686| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
12687| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
12688| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
12689| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
12690| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
12691| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
12692| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
12693| [108938] Apple macOS up to 10.13.1 apache denial of service
12694| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
12695| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
12696| [108935] Apple macOS up to 10.13.1 apache denial of service
12697| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
12698| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
12699| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
12700| [108931] Apple macOS up to 10.13.1 apache denial of service
12701| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
12702| [108929] Apple macOS up to 10.13.1 apache denial of service
12703| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
12704| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
12705| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
12706| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
12707| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
12708| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
12709| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
12710| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
12711| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
12712| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
12713| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
12714| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
12715| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
12716| [108782] Apache Xerces2 XML Service denial of service
12717| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
12718| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
12719| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
12720| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
12721| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
12722| [108629] Apache OFBiz up to 10.04.01 privilege escalation
12723| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
12724| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
12725| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
12726| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
12727| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
12728| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
12729| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
12730| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
12731| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
12732| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
12733| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
12734| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
13149| [76567] Apache Struts 2.3.20 unknown vulnerability
13150| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
13151| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
13152| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
13153| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
13154| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
13155| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
13156| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
13157| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
13158| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
13159| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
13160| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
13161| [74793] Apache Tomcat File Upload denial of service
13162| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
13163| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
13164| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
13165| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
13166| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
13167| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
13168| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
13169| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
13170| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
13171| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
13172| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
13173| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
13174| [74468] Apache Batik up to 1.6 denial of service
13175| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
13176| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
13177| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
13178| [74174] Apache WSS4J up to 2.0.0 privilege escalation
13179| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
13180| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
13181| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
13182| [73731] Apache XML Security unknown vulnerability
13183| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
13184| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
13185| [73593] Apache Traffic Server up to 5.1.0 denial of service
13186| [73511] Apache POI up to 3.10 Deadlock denial of service
13187| [73510] Apache Solr up to 4.3.0 cross site scripting
13188| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
13189| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
13190| [73173] Apache CloudStack Stack-Based unknown vulnerability
13191| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
13192| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
13193| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
13194| [72890] Apache Qpid 0.30 unknown vulnerability
13195| [72887] Apache Hive 0.13.0 File Permission privilege escalation
13196| [72878] Apache Cordova 3.5.0 cross site request forgery
13197| [72877] Apache Cordova 3.5.0 cross site request forgery
13198| [72876] Apache Cordova 3.5.0 cross site request forgery
13199| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
13200| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
13201| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
13202| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
13203| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13204| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13205| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
13206| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
13207| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
13208| [71629] Apache Axis2/C spoofing
13209| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
13210| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
13211| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
13212| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
13213| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
13214| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
13215| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
13216| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
13217| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
13218| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
13219| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
13220| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
13221| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
13222| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
13223| [70809] Apache POI up to 3.11 Crash denial of service
13224| [70808] Apache POI up to 3.10 unknown vulnerability
13225| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
13226| [70749] Apache Axis up to 1.4 getCN spoofing
13227| [70701] Apache Traffic Server up to 3.3.5 denial of service
13228| [70700] Apache OFBiz up to 12.04.03 cross site scripting
13229| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
13230| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
13231| [70661] Apache Subversion up to 1.6.17 denial of service
13232| [70660] Apache Subversion up to 1.6.17 spoofing
13233| [70659] Apache Subversion up to 1.6.17 spoofing
13234| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
13235| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
13236| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
13237| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
13238| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
13239| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
13240| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
13241| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
13242| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
13243| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
13244| [69846] Apache HBase up to 0.94.8 information disclosure
13245| [69783] Apache CouchDB up to 1.2.0 memory corruption
13246| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
13247| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
13248| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
13249| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
13250| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
13251| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
13252| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
13253| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
13254| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
13255| [69431] Apache Archiva up to 1.3.6 cross site scripting
13256| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
13257| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
13258| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
13259| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
13260| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
13261| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
13262| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
13263| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
13264| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
13265| [66739] Apache Camel up to 2.12.2 unknown vulnerability
13266| [66738] Apache Camel up to 2.12.2 unknown vulnerability
13267| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
13268| [66695] Apache CouchDB up to 1.2.0 cross site scripting
13269| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
13270| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
13271| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
13272| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
13273| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
13274| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
13275| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
13276| [66356] Apache Wicket up to 6.8.0 information disclosure
13277| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
13278| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
13279| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
13280| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
13281| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
13282| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
13283| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
13284| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
13285| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
13286| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
13287| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
13288| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
13289| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
13290| [65668] Apache Solr 4.0.0 Updater denial of service
13291| [65665] Apache Solr up to 4.3.0 denial of service
13292| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
13293| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
13294| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
13295| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
13296| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
13297| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
13298| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
13299| [65410] Apache Struts 2.3.15.3 cross site scripting
13300| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
13301| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
13302| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
13303| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
13304| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
13305| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
13306| [65340] Apache Shindig 2.5.0 information disclosure
13307| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
13308| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
13309| [10826] Apache Struts 2 File privilege escalation
13310| [65204] Apache Camel up to 2.10.1 unknown vulnerability
13311| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
13312| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
13313| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
13314| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
13315| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
13316| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
13317| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
13318| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
13319| [64722] Apache XML Security for C++ Heap-based memory corruption
13320| [64719] Apache XML Security for C++ Heap-based memory corruption
13321| [64718] Apache XML Security for C++ verify denial of service
13322| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
13323| [64716] Apache XML Security for C++ spoofing
13324| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
13325| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
13326| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
13327| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
13328| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
13329| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
13330| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
13331| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
13332| [64485] Apache Struts up to 2.2.3.0 privilege escalation
13333| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
13334| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
13335| [64467] Apache Geronimo 3.0 memory corruption
13336| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
13337| [64457] Apache Struts up to 2.2.3.0 cross site scripting
13338| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
13339| [9184] Apache Qpid up to 0.20 SSL misconfiguration
13340| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
13341| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
13342| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
13343| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
13344| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
13345| [8873] Apache Struts 2.3.14 privilege escalation
13346| [8872] Apache Struts 2.3.14 privilege escalation
13347| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
13348| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
13349| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
13350| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
13351| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
13352| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
13353| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
13354| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
13355| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
13356| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
13357| [64006] Apache ActiveMQ up to 5.7.0 denial of service
13358| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
13359| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
13360| [8427] Apache Tomcat Session Transaction weak authentication
13361| [63960] Apache Maven 3.0.4 Default Configuration spoofing
13362| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
13363| [63750] Apache qpid up to 0.20 checkAvailable denial of service
13364| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
13365| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
13366| [63747] Apache Rave up to 0.20 User Account information disclosure
13367| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
13368| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
13369| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
13370| [7687] Apache CXF up to 2.7.2 Token weak authentication
13371| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
13372| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
13373| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
13374| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
13375| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
13376| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
13377| [63090] Apache Tomcat up to 4.1.24 denial of service
13378| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
13379| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
13380| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
13381| [62833] Apache CXF -/2.6.0 spoofing
13382| [62832] Apache Axis2 up to 1.6.2 spoofing
13383| [62831] Apache Axis up to 1.4 Java Message Service spoofing
13384| [62830] Apache Commons-httpclient 3.0 Payments spoofing
13385| [62826] Apache Libcloud up to 0.11.0 spoofing
13386| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
13387| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
13388| [62661] Apache Axis2 unknown vulnerability
13389| [62658] Apache Axis2 unknown vulnerability
13390| [62467] Apache Qpid up to 0.17 denial of service
13391| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
13392| [6301] Apache HTTP Server mod_pagespeed cross site scripting
13393| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
13394| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
13395| [62035] Apache Struts up to 2.3.4 denial of service
13396| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
13397| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
13398| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
13399| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
13400| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
13401| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
13402| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
13403| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
13404| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
13405| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
13406| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
13407| [61229] Apache Sling up to 2.1.1 denial of service
13408| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
13409| [61094] Apache Roller up to 5.0 cross site scripting
13410| [61093] Apache Roller up to 5.0 cross site request forgery
13411| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
13412| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
13413| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
13414| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
13415| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
13416| [60708] Apache Qpid 0.12 unknown vulnerability
13417| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
13418| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
13419| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
13420| [4882] Apache Wicket up to 1.5.4 directory traversal
13421| [4881] Apache Wicket up to 1.4.19 cross site scripting
13422| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
13423| [60352] Apache Struts up to 2.2.3 memory corruption
13424| [60153] Apache Portable Runtime up to 1.4.3 denial of service
13425| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
13426| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
13427| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
13428| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
13429| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
13430| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
13431| [4571] Apache Struts up to 2.3.1.2 privilege escalation
13432| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
13433| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
13434| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
13435| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
13436| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
13437| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
13438| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
13439| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
13440| [59888] Apache Tomcat up to 6.0.6 denial of service
13441| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
13442| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
13443| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
13444| [59850] Apache Geronimo up to 2.2.1 denial of service
13445| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
13446| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
13447| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
13448| [58413] Apache Tomcat up to 6.0.10 spoofing
13449| [58381] Apache Wicket up to 1.4.17 cross site scripting
13450| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
13451| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
13452| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
13453| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
13454| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
13455| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
13456| [57568] Apache Archiva up to 1.3.4 cross site scripting
13457| [57567] Apache Archiva up to 1.3.4 cross site request forgery
13458| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
13459| [4355] Apache HTTP Server APR apr_fnmatch denial of service
13460| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
13461| [57425] Apache Struts up to 2.2.1.1 cross site scripting
13462| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
13463| [57025] Apache Tomcat up to 7.0.11 information disclosure
13464| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
13465| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
13466| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
13467| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
13468| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
13469| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
13470| [56512] Apache Continuum up to 1.4.0 cross site scripting
13471| [4285] Apache Tomcat 5.x JVM getLocale denial of service
13472| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
13473| [4283] Apache Tomcat 5.x ServletContect privilege escalation
13474| [56441] Apache Tomcat up to 7.0.6 denial of service
13475| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
13476| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
13477| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
13478| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
13479| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
13480| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
13481| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
13482| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
13483| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
13484| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
13485| [54693] Apache Traffic Server DNS Cache unknown vulnerability
13486| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
13487| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
13488| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
13489| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
13490| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
13491| [54012] Apache Tomcat up to 6.0.10 denial of service
13492| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
13493| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
13494| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
13495| [52894] Apache Tomcat up to 6.0.7 information disclosure
13496| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
13497| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
13498| [52786] Apache Open For Business Project up to 09.04 cross site scripting
13499| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
13500| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
13501| [52584] Apache CouchDB up to 0.10.1 information disclosure
13502| [51757] Apache HTTP Server 2.0.44 cross site scripting
13503| [51756] Apache HTTP Server 2.0.44 spoofing
13504| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
13505| [51690] Apache Tomcat up to 6.0 directory traversal
13506| [51689] Apache Tomcat up to 6.0 information disclosure
13507| [51688] Apache Tomcat up to 6.0 directory traversal
13508| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
13509| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
13510| [50626] Apache Solr 1.0.0 cross site scripting
13511| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
13512| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
13513| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
13514| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
13515| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
13516| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
13517| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
13518| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
13519| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
13520| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
13521| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
13522| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
13523| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
13524| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
13525| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
13526| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
13527| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
13528| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
13529| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
13530| [47214] Apachefriends xampp 1.6.8 spoofing
13531| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
13532| [47162] Apachefriends XAMPP 1.4.4 weak authentication
13533| [47065] Apache Tomcat 4.1.23 cross site scripting
13534| [46834] Apache Tomcat up to 5.5.20 cross site scripting
13535| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
13536| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
13537| [86625] Apache Struts directory traversal
13538| [44461] Apache Tomcat up to 5.5.0 information disclosure
13539| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
13540| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
13541| [43663] Apache Tomcat up to 6.0.16 directory traversal
13542| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
13543| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
13544| [43516] Apache Tomcat up to 4.1.20 directory traversal
13545| [43509] Apache Tomcat up to 6.0.13 cross site scripting
13546| [42637] Apache Tomcat up to 6.0.16 cross site scripting
13547| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
13548| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
13549| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
13550| [40924] Apache Tomcat up to 6.0.15 information disclosure
13551| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
13552| [40922] Apache Tomcat up to 6.0 information disclosure
13553| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
13554| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
13555| [40656] Apache Tomcat 5.5.20 information disclosure
13556| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
13557| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
13558| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
13559| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
13560| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
13561| [40234] Apache Tomcat up to 6.0.15 directory traversal
13562| [40221] Apache HTTP Server 2.2.6 information disclosure
13563| [40027] David Castro Apache Authcas 0.4 sql injection
13564| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
13565| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
13566| [3414] Apache Tomcat WebDAV Stored privilege escalation
13567| [39489] Apache Jakarta Slide up to 2.1 directory traversal
13568| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
13569| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
13570| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
13571| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
13572| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
13573| [38524] Apache Geronimo 2.0 unknown vulnerability
13574| [3256] Apache Tomcat up to 6.0.13 cross site scripting
13575| [38331] Apache Tomcat 4.1.24 information disclosure
13576| [38330] Apache Tomcat 4.1.24 information disclosure
13577| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
13578| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
13579| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
13580| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
13581| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
13582| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
13583| [37292] Apache Tomcat up to 5.5.1 cross site scripting
13584| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
13585| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
13586| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
13587| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
13588| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
13589| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
13590| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
13591| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
13592| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
13593| [36225] XAMPP Apache Distribution 1.6.0a sql injection
13594| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
13595| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
13596| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
13597| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
13598| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
13599| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
13600| [34252] Apache HTTP Server denial of service
13601| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
13602| [33877] Apache Opentaps 0.9.3 cross site scripting
13603| [33876] Apache Open For Business Project unknown vulnerability
13604| [33875] Apache Open For Business Project cross site scripting
13605| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
13606| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
13607|
13608| MITRE CVE - https://cve.mitre.org:
13609| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
13610| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
13611| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
13612| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
13613| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
13614| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
13615| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
13616| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
13617| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
13618| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
13619| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
13620| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
13621| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
13622| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
13623| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
13624| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
13625| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
13626| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
13627| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
13628| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
13629| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
13630| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
13631| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
13632| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
13633| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
13634| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
13635| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
13636| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
13637| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
13638| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
13639| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13640| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
13641| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
13642| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
13643| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
13644| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
13645| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
13646| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
13647| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
13648| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
13649| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
13650| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13651| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13652| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13653| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13654| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
13655| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
13656| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
13657| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
13658| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
13659| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
13660| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
13661| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
13662| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
13663| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
13664| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
13665| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
13666| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
13667| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
13668| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
13669| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
13670| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
13671| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
13672| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
13673| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13674| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
13675| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
13676| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
13677| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
13678| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
13679| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
13680| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
13681| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
13682| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
13683| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
13684| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
13685| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
13686| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
13687| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
13688| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
13689| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
13690| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
13791| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
13792| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
13793| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
13794| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
13795| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
13796| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
13887| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
13888| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
13889| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
13890| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
13891| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
13892| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
13893| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
13894| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
13895| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
13896| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
13897| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
13898| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
13899| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
13900| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
13901| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
13902| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
13903| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
13904| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
13905| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
13906| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
13907| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
13908| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
13909| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
13910| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
13911| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
13912| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
13913| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
13914| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13915| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
13916| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
13917| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
13918| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
13919| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
13920| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
13921| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
13922| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
13923| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
13924| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
13925| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
13926| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
13927| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
13928| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13929| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
13930| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
13931| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
13932| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
13933| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
13934| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
13935| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
13936| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
13937| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
13938| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
13939| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
13940| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
13941| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
13942| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
13943| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
13944| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
13945| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
13946| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
13947| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
13948| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
13949| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
13950| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
13951| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
13952| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
13953| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
13954| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
13955| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
13956| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
13957| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
13958| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
13959| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
13960| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
13961| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13962| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
13963| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
13964| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
13965| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
13966| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
13967| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
13968| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
13969| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
13970| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
13971| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
13972| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
13973| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
13974| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
13975| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13976| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
13977| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
13978| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
13979| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
13980| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
13981| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
13982| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
13983| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
13984| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13985| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
13986| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
13987| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
13988| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
13989| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
13990| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13991| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
13992| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13993| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
13994| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
13995| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13996| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
13997| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
13998| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
13999| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
14000| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
14001| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
14002| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
14003| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
14004| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14005| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
14006| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
14007| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
14008| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
14009| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
14010| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
14011| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
14012| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
14013| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
14014| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
14015| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
14016| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
14017| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
14018| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
14019| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
14020| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
14021| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
14022| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
14023| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
14024| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
14025| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
14026| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14027| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14028| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
14029| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
14030| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
14031| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
14032| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
14033| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
14034| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
14035| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
14036| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
14037| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
14038| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
14039| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
14040| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
14041| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
14042| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
14043| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
14044| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
14045| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
14046| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
14047| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
14048| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
14049| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
14050| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
14051| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14052| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14053| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14054| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
14055| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
14056| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
14057| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
14058| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
14059| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
14060| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
14061| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
14062| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
14063| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
14064| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
14065| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
14066| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
14067| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
14068| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
14069| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14070| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14071| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
14072| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
14073| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
14074| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
14075| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
14076| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
14077| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
14078| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
14079| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
14080| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
14081| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
14082| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
14083| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
14084| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
14085| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
14086| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
14087| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
14088| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
14089| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
14090| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
14091| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
14092| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
14093| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
14094| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
14095| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
14096| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
14097| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
14098| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
14099| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
14100| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
14101| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
14102| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
14103| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
14104| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
14105| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
14106| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
14107| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
14108| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
14109| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
14110| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
14111| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
14112| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
14113| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
14114| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
14115| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
14116| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
14117| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
14118| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
14119| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
14120| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
14121| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
14122| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
14123| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
14124| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
14125| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
14126| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
14127| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
14128| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
14129| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
14130| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
14131| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
14132| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
14133| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
14134| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
14135| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
14136| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
14137| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
14138| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
14139| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
14140| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
14141| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
14142| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
14143| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14144| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
14145| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
14146| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
14147| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
14148| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
14149| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
14150| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
14151| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
14152| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
14153| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
14154| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
14155| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
14156| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
14157| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
14158| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
14159| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
14160| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
14161| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
14162| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
14163| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
14164| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
14165| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
14166| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
14167| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
14168| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
14169| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
14170| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
14171| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
14172| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
14173| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
14174| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
14175| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
14176| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
14177| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
14178| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
14179| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
14180| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
14181| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
14182| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
14183| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
14184| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
14185| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
14186| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
14187| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allow local users to overwrite arbitrary files via a symlink attack.
14188| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
14189| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
14190| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
14191| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
14192| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
14193| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
14194| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
14195| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
14196| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
14197| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
14198| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
14199| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
14200| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
14201| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
14202| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
14203| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
14204| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
14205| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
14206| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
14207| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
14208| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
14209| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
14210| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
14211| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
14212| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
14213| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
14214| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
14215| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
14216| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
14217| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
14218|
14219| SecurityFocus - https://www.securityfocus.com/bid/:
14220| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
14221| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
14222| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
14223| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
14224| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
14225| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
14226| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
14227| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
14228| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
14229| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
14230| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
14231| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
14232| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
14233| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
14234| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
14235| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
14236| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
14237| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
14238| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
14239| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
14240| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
14241| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
14242| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
14243| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
14244| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
14245| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
14246| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
14247| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
14248| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
14249| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
14250| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
14251| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
14252| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
14253| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
14254| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
14255| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
14256| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
14257| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
14258| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
14259| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
14260| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
14261| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
14262| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
14263| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
14264| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
14265| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
14266| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
14267| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
14268| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
14269| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
14270| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
14271| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
14272| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
14273| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
14274| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
14275| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
14276| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
14277| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
14278| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
14279| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
14280| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
14281| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
14282| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
14283| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
14284| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
14285| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
14286| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
14287| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
14288| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
14289| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
14290| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
14291| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
14292| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
14293| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
14294| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
14295| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
14296| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
14297| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
14298| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
14299| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
14300| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
14301| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
14302| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
14303| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
14304| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
14305| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
14306| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
14307| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
14308| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
14309| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
14310| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
14311| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
14312| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
14313| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
14314| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
14315| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
14316| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
14317| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
14318| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
14319| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
14320| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
14321| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
14322| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
14323| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
14324| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
14325| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
14326| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
14327| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
14328| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
14329| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
14330| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
14331| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
14332| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
14333| [100447] Apache2Triad Multiple Security Vulnerabilities
14334| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
14335| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
14336| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
14337| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
14338| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
14339| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
14340| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
14341| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
14342| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
14343| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
14344| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
14345| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
14346| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
14347| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
14348| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
14349| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
14350| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
14351| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
14352| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
14353| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
14354| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
14355| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
14356| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
14357| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
14358| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
14359| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
14360| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
14361| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
14362| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
14363| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
14364| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
14365| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
14366| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
14367| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
14368| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
14369| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
14370| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
14371| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
14372| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
14373| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
14374| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
14375| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
14376| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
14377| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
14378| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
14379| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
14380| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
14381| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
14382| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
14383| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
14384| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
14385| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
14386| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
14387| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
14388| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
14389| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
14390| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
14391| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
14392| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
14393| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
14394| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
14395| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
14396| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
14397| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
14398| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
14399| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
14400| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
14401| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
14402| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
14403| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
14404| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
14405| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
14406| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
14407| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
14408| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
14409| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
14410| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
14411| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
14412| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
14413| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
14414| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
14415| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
14416| [95675] Apache Struts Remote Code Execution Vulnerability
14417| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
14418| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
14419| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
14420| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
14421| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
14422| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
14423| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
14424| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
14425| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
14426| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
14427| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
14428| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
14429| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
14430| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
14431| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
14432| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
14433| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
14434| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
14435| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
14436| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
14437| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
14438| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
14439| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
14440| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
14441| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
14442| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
14443| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
14444| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
14445| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
14446| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
14447| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
14448| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
14449| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
14450| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
14451| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
14452| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
14453| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
14454| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
14455| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
14456| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
14457| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
14458| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
14459| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
14460| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
14461| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
14462| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
14463| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
14464| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
14465| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
14466| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
14467| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
14468| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
14469| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
14470| [91736] Apache XML-RPC Multiple Security Vulnerabilities
14471| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
14472| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
14473| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
14474| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
14475| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
14476| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
14477| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
14478| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
14479| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
14480| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
14481| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
14482| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
14483| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
14484| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
14485| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
14486| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
14487| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
14488| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
14489| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
14490| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
14491| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
14492| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
14493| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
14494| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
14495| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
14496| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
14497| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
14498| [90482] Apache CVE-2004-1387 Local Security Vulnerability
14499| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
14500| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
14501| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
14502| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
14503| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
14504| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
14505| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
14506| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
14507| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
14508| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
14509| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
14510| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
14511| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
14512| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
14513| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
14514| [86399] Apache CVE-2007-1743 Local Security Vulnerability
14515| [86397] Apache CVE-2007-1742 Local Security Vulnerability
14516| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
14517| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
14518| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
14519| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
14520| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
14521| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
14522| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
14523| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
14524| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
14525| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
14526| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
14527| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
14528| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
14529| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
14530| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
14531| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
14932| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
14933| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
14934| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
14935| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
14936| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
14937| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
14938| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
14939| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
14940| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
14941| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
14942| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
14943| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
14944| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
14945| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
14946| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
14947| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
14948| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
14949| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
14950| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
14951| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
14952| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
14953| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
14954| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
14955| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
14956| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
14957| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
14958| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
14959| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
14960| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
14961| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
14962| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
14963| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
14964| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
14965| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
14966| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
14967| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
14968| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
14969| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
14970| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
14971| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
14972| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
14973| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
14974| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
14975| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
14976| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
14977| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
14978| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
14979| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
14980| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
14981| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
14982| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
14983| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
14984| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
14985| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
14986| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
14987| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
14988| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
14989| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
14990| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
14991| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
14992| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
14993| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
14994| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
14995| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
14996| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
14997| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
14998| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
14999| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
15000| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
15001| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
15002| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
15003| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
15004| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
15005| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
15400| [65343] Apache Continuum unspecified cross-site scripting
15401| [65162] Apache Tomcat NIO connector denial of service
15402| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
15403| [65160] Apache Tomcat HTML Manager interface cross-site scripting
15404| [65159] Apache Tomcat ServletContect security bypass
15405| [65050] Apache CouchDB web-based administration UI cross-site scripting
15406| [64773] Oracle HTTP Server Apache Plugin unauthorized access
15407| [64473] Apache Subversion blame -g denial of service
15408| [64472] Apache Subversion walk() denial of service
15409| [64407] Apache Axis2 CVE-2010-0219 code execution
15410| [63926] Apache Archiva password privilege escalation
15411| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
15412| [63493] Apache Archiva credentials cross-site request forgery
15413| [63477] Apache Tomcat HttpOnly session hijacking
15414| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
15415| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
15416| [62959] Apache Shiro filters security bypass
15417| [62790] Apache Perl cgi module denial of service
15418| [62576] Apache Qpid exchange denial of service
15419| [62575] Apache Qpid AMQP denial of service
15420| [62354] Apache Qpid SSL denial of service
15421| [62235] Apache APR-util apr_brigade_split_line() denial of service
15422| [62181] Apache XML-RPC SAX Parser information disclosure
15423| [61721] Apache Traffic Server cache poisoning
15424| [61202] Apache Derby BUILTIN authentication functionality information disclosure
15425| [61186] Apache CouchDB Futon cross-site request forgery
15426| [61169] Apache CXF DTD denial of service
15427| [61070] Apache Jackrabbit search.jsp SQL injection
15428| [61006] Apache SLMS Quoting cross-site request forgery
15429| [60962] Apache Tomcat time cross-site scripting
15430| [60883] Apache mod_proxy_http information disclosure
15431| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
15432| [60264] Apache Tomcat Transfer-Encoding denial of service
15433| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
15434| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
15435| [59413] Apache mod_proxy_http timeout information disclosure
15436| [59058] Apache MyFaces unencrypted view state cross-site scripting
15437| [58827] Apache Axis2 xsd file include
15438| [58790] Apache Axis2 modules cross-site scripting
15439| [58299] Apache ActiveMQ queueBrowse cross-site scripting
15440| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
15441| [58056] Apache ActiveMQ .jsp source code disclosure
15442| [58055] Apache Tomcat realm name information disclosure
15443| [58046] Apache HTTP Server mod_auth_shadow security bypass
15444| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
15445| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
15446| [57429] Apache CouchDB algorithms information disclosure
15447| [57398] Apache ActiveMQ Web console cross-site request forgery
15448| [57397] Apache ActiveMQ createDestination.action cross-site scripting
15449| [56653] Apache HTTP Server DNS spoofing
15450| [56652] Apache HTTP Server DNS cross-site scripting
15451| [56625] Apache HTTP Server request header information disclosure
15452| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
15453| [56623] Apache HTTP Server mod_proxy_ajp denial of service
15454| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
15455| [55857] Apache Tomcat WAR files directory traversal
15456| [55856] Apache Tomcat autoDeploy attribute security bypass
15457| [55855] Apache Tomcat WAR directory traversal
15458| [55210] Intuit component for Joomla! Apache information disclosure
15459| [54533] Apache Tomcat 404 error page cross-site scripting
15460| [54182] Apache Tomcat admin default password
15461| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
15462| [53666] Apache HTTP Server Solaris pollset support denial of service
15463| [53650] Apache HTTP Server HTTP basic-auth module security bypass
15464| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
15465| [53041] mod_proxy_ftp module for Apache denial of service
15466| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
15467| [51953] Apache Tomcat Path Disclosure
15468| [51952] Apache Tomcat Path Traversal
15469| [51951] Apache stronghold-status Information Disclosure
15470| [51950] Apache stronghold-info Information Disclosure
15471| [51949] Apache PHP Source Code Disclosure
15472| [51948] Apache Multiviews Attack
15473| [51946] Apache JServ Environment Status Information Disclosure
15474| [51945] Apache error_log Information Disclosure
15475| [51944] Apache Default Installation Page Pattern Found
15476| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
15477| [51942] Apache AXIS XML External Entity File Retrieval
15478| [51941] Apache AXIS Sample Servlet Information Leak
15479| [51940] Apache access_log Information Disclosure
15480| [51626] Apache mod_deflate denial of service
15481| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
15482| [51365] Apache Tomcat RequestDispatcher security bypass
15483| [51273] Apache HTTP Server Incomplete Request denial of service
15484| [51195] Apache Tomcat XML information disclosure
15485| [50994] Apache APR-util xml/apr_xml.c denial of service
15486| [50993] Apache APR-util apr_brigade_vprintf denial of service
15487| [50964] Apache APR-util apr_strmatch_precompile() denial of service
15488| [50930] Apache Tomcat j_security_check information disclosure
15489| [50928] Apache Tomcat AJP denial of service
15490| [50884] Apache HTTP Server XML ENTITY denial of service
15491| [50808] Apache HTTP Server AllowOverride privilege escalation
15492| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
15493| [50059] Apache mod_proxy_ajp information disclosure
15494| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
15495| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
15496| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
15497| [49921] Apache ActiveMQ Web interface cross-site scripting
15498| [49898] Apache Geronimo Services/Repository directory traversal
15499| [49725] Apache Tomcat mod_jk module information disclosure
15500| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
15501| [49712] Apache Struts unspecified cross-site scripting
15502| [49213] Apache Tomcat cal2.jsp cross-site scripting
15503| [48934] Apache Tomcat POST doRead method information disclosure
15504| [48211] Apache Tomcat header HTTP request smuggling
15505| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
15506| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
15507| [47709] Apache Roller "
15508| [47104] Novell Netware ApacheAdmin console security bypass
15509| [47086] Apache HTTP Server OS fingerprinting unspecified
15510| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
15511| [45791] Apache Tomcat RemoteFilterValve security bypass
15512| [44435] Oracle WebLogic Apache Connector buffer overflow
15513| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
15514| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
15515| [44156] Apache Tomcat RequestDispatcher directory traversal
15516| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
15517| [43885] Oracle WebLogic Server Apache Connector buffer overflow
15518| [42987] Apache HTTP Server mod_proxy module denial of service
15519| [42915] Apache Tomcat JSP files path disclosure
15520| [42914] Apache Tomcat MS-DOS path disclosure
15521| [42892] Apache Tomcat unspecified unauthorized access
15522| [42816] Apache Tomcat Host Manager cross-site scripting
15523| [42303] Apache 403 error cross-site scripting
15524| [41618] Apache-SSL ExpandCert() authentication bypass
15525| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
15526| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
15527| [40614] Apache mod_jk2 HTTP Host header buffer overflow
15528| [40562] Apache Geronimo init information disclosure
15529| [40478] Novell Web Manager webadmin-apache.conf security bypass
15530| [40411] Apache Tomcat exception handling information disclosure
15531| [40409] Apache Tomcat native (APR based) connector weak security
15532| [40403] Apache Tomcat quotes and %5C cookie information disclosure
15533| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
15534| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
15535| [39867] Apache HTTP Server mod_negotiation cross-site scripting
15536| [39804] Apache Tomcat SingleSignOn information disclosure
15537| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
15538| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
15539| [39608] Apache HTTP Server balancer manager cross-site request forgery
15540| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
15541| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
15542| [39472] Apache HTTP Server mod_status cross-site scripting
15543| [39201] Apache Tomcat JULI logging weak security
15544| [39158] Apache HTTP Server Windows SMB shares information disclosure
15545| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
15546| [38951] Apache::AuthCAS Perl module cookie SQL injection
15547| [38800] Apache HTTP Server 413 error page cross-site scripting
15548| [38211] Apache Geronimo SQLLoginModule authentication bypass
15549| [37243] Apache Tomcat WebDAV directory traversal
15550| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
15551| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
15552| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
15553| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
15554| [36782] Apache Geronimo MEJB unauthorized access
15555| [36586] Apache HTTP Server UTF-7 cross-site scripting
15556| [36468] Apache Geronimo LoginModule security bypass
15557| [36467] Apache Tomcat functions.jsp cross-site scripting
15558| [36402] Apache Tomcat calendar cross-site request forgery
15559| [36354] Apache HTTP Server mod_proxy module denial of service
15560| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
15561| [36336] Apache Derby lock table privilege escalation
15562| [36335] Apache Derby schema privilege escalation
15563| [36006] Apache Tomcat "
15564| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
15565| [35999] Apache Tomcat \"
15566| [35795] Apache Tomcat CookieExample cross-site scripting
15567| [35536] Apache Tomcat SendMailServlet example cross-site scripting
15568| [35384] Apache HTTP Server mod_cache module denial of service
15569| [35097] Apache HTTP Server mod_status module cross-site scripting
15570| [35095] Apache HTTP Server Prefork MPM module denial of service
15571| [34984] Apache HTTP Server recall_headers information disclosure
15572| [34966] Apache HTTP Server MPM content spoofing
15573| [34965] Apache HTTP Server MPM information disclosure
15574| [34963] Apache HTTP Server MPM multiple denial of service
15575| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
15576| [34869] Apache Tomcat JSP example Web application cross-site scripting
15577| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
15578| [34496] Apache Tomcat JK Connector security bypass
15579| [34377] Apache Tomcat hello.jsp cross-site scripting
15580| [34212] Apache Tomcat SSL configuration security bypass
15581| [34210] Apache Tomcat Accept-Language cross-site scripting
15582| [34209] Apache Tomcat calendar application cross-site scripting
15583| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
15584| [34167] Apache Axis WSDL file path disclosure
15585| [34068] Apache Tomcat AJP connector information disclosure
15586| [33584] Apache HTTP Server suEXEC privilege escalation
15587| [32988] Apache Tomcat proxy module directory traversal
15588| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
15589| [32708] Debian Apache tty privilege escalation
15590| [32441] ApacheStats extract() PHP call unspecified
15591| [32128] Apache Tomcat default account
15592| [31680] Apache Tomcat RequestParamExample cross-site scripting
15593| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
15594| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
15595| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
15596| [30456] Apache mod_auth_kerb off-by-one buffer overflow
15597| [29550] Apache mod_tcl set_var() format string
15598| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
15599| [28357] Apache HTTP Server mod_alias script source information disclosure
15600| [28063] Apache mod_rewrite off-by-one buffer overflow
15601| [27902] Apache Tomcat URL information disclosure
15602| [26786] Apache James SMTP server denial of service
15603| [25680] libapache2 /tmp/svn file upload
15604| [25614] Apache Struts lookupMap cross-site scripting
15605| [25613] Apache Struts ActionForm denial of service
15606| [25612] Apache Struts isCancelled() security bypass
15607| [24965] Apache mod_python FileSession command execution
15608| [24716] Apache James spooler memory leak denial of service
15609| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
15610| [24158] Apache Geronimo jsp-examples cross-site scripting
15611| [24030] Apache auth_ldap module multiple format strings
15612| [24008] Apache mod_ssl custom error message denial of service
15613| [24003] Apache mod_auth_pgsql module multiple syslog format strings
15614| [23612] Apache mod_imap referer field cross-site scripting
15615| [23173] Apache Struts error message cross-site scripting
15616| [22942] Apache Tomcat directory listing denial of service
15617| [22858] Apache Multi-Processing Module code allows denial of service
15618| [22602] RHSA-2005:582 updates for Apache httpd not installed
15619| [22520] Apache mod-auth-shadow "
15620| [22466] ApacheTop symlink
15621| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
15622| [22006] Apache HTTP Server byte-range filter denial of service
15623| [21567] Apache mod_ssl off-by-one buffer overflow
15624| [21195] Apache HTTP Server header HTTP request smuggling
15625| [20383] Apache HTTP Server htdigest buffer overflow
15626| [19681] Apache Tomcat AJP12 request denial of service
15627| [18993] Apache HTTP server check_forensic symlink attack
15628| [18790] Apache Tomcat Manager cross-site scripting
15629| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
15630| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
15631| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
15632| [17961] Apache Web server ServerTokens has not been set
15633| [17930] Apache HTTP Server HTTP GET request denial of service
15634| [17785] Apache mod_include module buffer overflow
15635| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
15636| [17473] Apache HTTP Server Satisfy directive allows access to resources
15637| [17413] Apache htpasswd buffer overflow
15638| [17384] Apache HTTP Server environment variable configuration file buffer overflow
15639| [17382] Apache HTTP Server IPv6 apr_util denial of service
15640| [17366] Apache HTTP Server mod_dav module LOCK denial of service
15641| [17273] Apache HTTP Server speculative mode denial of service
15642| [17200] Apache HTTP Server mod_ssl denial of service
15643| [16890] Apache HTTP Server server-info request has been detected
15644| [16889] Apache HTTP Server server-status request has been detected
15645| [16705] Apache mod_ssl format string attack
15646| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
15647| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
15648| [16230] Apache HTTP Server PHP denial of service
15649| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
15650| [15958] Apache HTTP Server authentication modules memory corruption
15651| [15547] Apache HTTP Server mod_disk_cache local information disclosure
15652| [15540] Apache HTTP Server socket starvation denial of service
15653| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
15654| [15422] Apache HTTP Server mod_access information disclosure
15655| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
15656| [15293] Apache for Cygwin "
15657| [15065] Apache-SSL has a default password
15658| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
15659| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
15660| [14751] Apache Mod_python output filter information disclosure
15661| [14125] Apache HTTP Server mod_userdir module information disclosure
15662| [14075] Apache HTTP Server mod_php file descriptor leak
15663| [13703] Apache HTTP Server account
15664| [13689] Apache HTTP Server configuration allows symlinks
15665| [13688] Apache HTTP Server configuration allows SSI
15666| [13687] Apache HTTP Server Server: header value
15667| [13685] Apache HTTP Server ServerTokens value
15668| [13684] Apache HTTP Server ServerSignature value
15669| [13672] Apache HTTP Server config allows directory autoindexing
15670| [13671] Apache HTTP Server default content
15671| [13670] Apache HTTP Server config file directive references outside content root
15672| [13668] Apache HTTP Server httpd not running in chroot environment
15673| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
15674| [13664] Apache HTTP Server config file contains ScriptAlias entry
15675| [13663] Apache HTTP Server CGI support modules loaded
15676| [13661] Apache HTTP Server config file contains AddHandler entry
15677| [13660] Apache HTTP Server 500 error page not CGI script
15678| [13659] Apache HTTP Server 413 error page not CGI script
15679| [13658] Apache HTTP Server 403 error page not CGI script
15680| [13657] Apache HTTP Server 401 error page not CGI script
15681| [13552] Apache HTTP Server mod_cgid module information disclosure
15682| [13550] Apache GET request directory traversal
15683| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
15684| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
15685| [13429] Apache Tomcat non-HTTP request denial of service
15686| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
15687| [13295] Apache weak password encryption
15688| [13254] Apache Tomcat .jsp cross-site scripting
15689| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
15690| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
15691| [12681] Apache HTTP Server mod_proxy could allow mail relaying
15692| [12662] Apache HTTP Server rotatelogs denial of service
15693| [12554] Apache Tomcat stores password in plain text
15694| [12553] Apache HTTP Server redirects and subrequests denial of service
15695| [12552] Apache HTTP Server FTP proxy server denial of service
15696| [12551] Apache HTTP Server prefork MPM denial of service
15697| [12550] Apache HTTP Server weaker than expected encryption
15698| [12549] Apache HTTP Server type-map file denial of service
15699| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
15700| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
15701| [12091] Apache HTTP Server apr_password_validate denial of service
15702| [12090] Apache HTTP Server apr_psprintf code execution
15703| [11804] Apache HTTP Server mod_access_referer denial of service
15704| [11750] Apache HTTP Server could leak sensitive file descriptors
15705| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
15706| [11703] Apache long slash path allows directory listing
15707| [11695] Apache HTTP Server LF (Line Feed) denial of service
15708| [11694] Apache HTTP Server filestat.c denial of service
15709| [11438] Apache HTTP Server MIME message boundaries information disclosure
15710| [11412] Apache HTTP Server error log terminal escape sequence injection
15711| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
15712| [11195] Apache Tomcat web.xml could be used to read files
15713| [11194] Apache Tomcat URL appended with a null character could list directories
15714| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
15715| [11126] Apache HTTP Server illegal character file disclosure
15716| [11125] Apache HTTP Server DOS device name HTTP POST code execution
15717| [11124] Apache HTTP Server DOS device name denial of service
15718| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
15719| [10938] Apache HTTP Server printenv test CGI cross-site scripting
15720| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
15721| [10575] Apache mod_php module could allow an attacker to take over the httpd process
15722| [10499] Apache HTTP Server WebDAV HTTP POST view source
15723| [10457] Apache HTTP Server mod_ssl "
15724| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
15725| [10414] Apache HTTP Server htdigest multiple buffer overflows
15726| [10413] Apache HTTP Server htdigest temporary file race condition
15727| [10412] Apache HTTP Server htpasswd temporary file race condition
15728| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
15729| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
15730| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
15731| [10280] Apache HTTP Server shared memory scorecard overwrite
15732| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
15733| [10241] Apache HTTP Server Host: header cross-site scripting
15734| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
15735| [10208] Apache HTTP Server mod_dav denial of service
15736| [10206] HP VVOS Apache mod_ssl denial of service
15737| [10200] Apache HTTP Server stderr denial of service
15738| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
15739| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
15740| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
15741| [10098] Slapper worm targets OpenSSL/Apache systems
15742| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
15743| [9875] Apache HTTP Server .var file request could disclose installation path
15744| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
15745| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
15746| [9623] Apache HTTP Server ap_log_rerror() path disclosure
15747| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
15748| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
15749| [9396] Apache Tomcat null character to threads denial of service
15750| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
15751| [9249] Apache HTTP Server chunked encoding heap buffer overflow
15752| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
15753| [8932] Apache Tomcat example class information disclosure
15754| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
15755| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
15756| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
15757| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
15758| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
15759| [8400] Apache HTTP Server mod_frontpage buffer overflows
15760| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
15761| [8308] Apache "
15762| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
15763| [8119] Apache and PHP OPTIONS request reveals "
15764| [8054] Apache is running on the system
15765| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
15766| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
15767| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
15768| [7836] Apache HTTP Server log directory denial of service
15769| [7815] Apache for Windows "
15770| [7810] Apache HTTP request could result in unexpected behavior
15771| [7599] Apache Tomcat reveals installation path
15772| [7494] Apache "
15773| [7419] Apache Web Server could allow remote attackers to overwrite .log files
15774| [7363] Apache Web Server hidden HTTP requests
15775| [7249] Apache mod_proxy denial of service
15776| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
15777| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
15778| [7059] Apache "
15779| [7057] Apache "
15780| [7056] Apache "
15781| [7055] Apache "
15782| [7054] Apache "
15783| [6997] Apache Jakarta Tomcat error message may reveal information
15784| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
15785| [6970] Apache crafted HTTP request could reveal the internal IP address
15786| [6921] Apache long slash path allows directory listing
15787| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
15788| [6527] Apache Web Server for Windows and OS2 denial of service
15789| [6316] Apache Jakarta Tomcat may reveal JSP source code
15790| [6305] Apache Jakarta Tomcat directory traversal
15791| [5926] Linux Apache symbolic link
15792| [5659] Apache Web server discloses files when used with php script
15793| [5310] Apache mod_rewrite allows attacker to view arbitrary files
15794| [5204] Apache WebDAV directory listings
15795| [5197] Apache Web server reveals CGI script source code
15796| [5160] Apache Jakarta Tomcat default installation
15797| [5099] Trustix Secure Linux installs Apache with world writable access
15798| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
15799| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
15800| [4931] Apache source.asp example file allows users to write to files
15801| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
15802| [4205] Apache Jakarta Tomcat delivers file contents
15803| [2084] Apache on Debian by default serves the /usr/doc directory
15804| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
15805| [697] Apache HTTP server beck exploit
15806| [331] Apache cookies buffer overflow
15807|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
16324| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
16325| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
16326| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
16327| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
16328| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
16329| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
16330| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
16331| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
16332| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
16333| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
16334| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
16335| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
16336| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
16337| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
16338| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
16339| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
16340| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
16341| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
16342| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
16343| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
16344| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
16345| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
16346| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
16347| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
16348| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
16349| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
16350| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
16351| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
16352| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
16353| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
16354| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
16355| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
16356| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
16357| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
16358| [1024096] Apache mod_proxy_http May Return Results for a Different Request
16359| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
16360| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
16361| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
16362| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
16363| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
16364| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
16365| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
16366| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
16367| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
16368| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
16369| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
16370| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
16371| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
16372| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
16373| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
16374| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
16375| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
16376| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
16377| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
16378| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
16379| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
16380| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
16381| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
16382| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
16383| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
16384| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
16385| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
16386| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
16387| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
16388| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
16389| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
16390| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
16391| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
16392| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
16393| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
16394| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
16395| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
16396| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
16397| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
16398| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
16399| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
16400| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
16401| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
16402| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
16403| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
16404| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
16405| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
16406| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
16407| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
16408| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
16409| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
16410| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
16411| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
16412| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
16413| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
16414| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
16415| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
16416| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
16417| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
16418| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
16419| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
16420| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
16421| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
16422| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
16423| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
16424| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
16425| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
16426| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
16427| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
16428| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
16429| [1008920] Apache mod_digest May Validate Replayed Client Responses
16430| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
16431| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
16432| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
16433| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
16434| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
16435| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
16436| [1008030] Apache mod_rewrite Contains a Buffer Overflow
16437| [1008029] Apache mod_alias Contains a Buffer Overflow
16438| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
16439| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
16440| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
16441| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
16442| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
16443| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
16444| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
16445| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
16446| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
16447| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
16448| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
16449| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
16450| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
16451| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
16452| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
16453| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
16454| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
16455| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
16456| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
16457| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
16458| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
16459| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
16460| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
16461| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
16462| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
16463| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
16464| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
16465| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
16466| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
16467| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
16468| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
16469| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
16470| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
16471| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
16472| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
16473| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
16474| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
16475| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
16476| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16477| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16478| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
16479| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
16480| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
16481| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
16482| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
16483| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
16484| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
16485| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
16486| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
16487| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
16488| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
16489| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
16490| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
16491| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
16492| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
16493| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
16494|
16495| OSVDB - http://www.osvdb.org:
16496| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
16497| [96077] Apache CloudStack Global Settings Multiple Field XSS
16498| [96076] Apache CloudStack Instances Menu Display Name Field XSS
16499| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
16500| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
16501| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
16502| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
16503| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
16504| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
16505| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
16506| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
16507| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
16508| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16509| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
16510| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
16511| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
16512| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
16513| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16514| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
16515| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
16516| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
16517| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
16518| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
16519| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
16520| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
16521| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
16522| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
16523| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
16524| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
16525| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
16526| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
16527| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
16528| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
16529| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
16530| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
16531| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
16532| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
16533| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
16534| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
16535| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
16536| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
16537| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
16538| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
16539| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
16540| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
16541| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
16542| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
16543| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
16544| [94279] Apache Qpid CA Certificate Validation Bypass
16545| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
16546| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
16547| [94042] Apache Axis JAX-WS Java Unspecified Exposure
16548| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
16549| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
16550| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
16551| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
16552| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
16553| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
16554| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
16555| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
16556| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
16557| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
16558| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
16559| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
16560| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
16561| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
16562| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
16563| [93541] Apache Solr json.wrf Callback XSS
16564| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
16565| [93521] Apache jUDDI Security API Token Session Persistence Weakness
16566| [93520] Apache CloudStack Default SSL Key Weakness
16567| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
16568| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
16569| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
16570| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
16571| [93515] Apache HBase table.jsp name Parameter XSS
16572| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
16573| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
16574| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
16575| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
16576| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
16577| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
16578| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
16579| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
16580| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
16581| [93252] Apache Tomcat FORM Authenticator Session Fixation
16582| [93172] Apache Camel camel/endpoints/ Endpoint XSS
16583| [93171] Apache Sling HtmlResponse Error Message XSS
16584| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
16585| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
16586| [93168] Apache Click ErrorReport.java id Parameter XSS
16587| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
16588| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
16589| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
16590| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
16591| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
16592| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
16593| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
16594| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
16595| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
16596| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
16597| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
16598| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
16599| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
16600| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
16601| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
16602| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
16603| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
16604| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
16605| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
16606| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
16607| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
16608| [93144] Apache Solr Admin Command Execution CSRF
16609| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
16610| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
16611| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
16612| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
16613| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
16614| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
16615| [92748] Apache CloudStack VM Console Access Restriction Bypass
16616| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
16617| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
16618| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
16619| [92706] Apache ActiveMQ Debug Log Rendering XSS
16620| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
16621| [92270] Apache Tomcat Unspecified CSRF
16622| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
16623| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
16624| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
16625| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
16626| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
16627| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
16628| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
16629| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
16630| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
16631| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
16632| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
16633| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
16634| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
16635| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
16636| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
16637| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
16638| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
16639| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
16640| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
16641| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
16642| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
16643| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
16644| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
16645| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
16646| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
16647| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
16648| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
16649| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
16650| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
16651| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
16652| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
16653| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
16654| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
16655| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
16656| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
16657| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
16658| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
16659| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
16660| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
16661| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
16662| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
16663| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
16664| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
16665| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
16666| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
16667| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
16668| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
16669| [88095] Apache Tomcat NIO Connector Terminated Connection Infinite Loop DoS
16670| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
16671| [88093] Apache Tomcat Null Session Request CSRF Prevention Filter Bypass
16672| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
16673| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
16674| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
16675| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
16676| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
16677| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
16678| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
16679| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
16680| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
16681| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
16682| [86901] Apache Tomcat Error Message Path Disclosure
16683| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
16684| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
16685| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
16686| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
16687| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
16688| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
16689| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
16690| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
16691| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
16692| [85430] Apache mod_pagespeed Module Unspecified XSS
16693| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
16694| [85249] Apache Wicket Unspecified XSS
16695| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
16696| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
16697| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
16698| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
16699| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
16700| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
16701| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
16702| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
16703| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
16704| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
16705| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
16706| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
16707| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
16708| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
16709| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
16710| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
16711| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
16712| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
16713| [83339] Apache Roller Blogger Roll Unspecified XSS
16714| [83270] Apache Roller Unspecified Admin Action CSRF
16715| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
16716| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
16717| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
16718| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
16719| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
16720| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
16721| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
16722| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
16723| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
16724| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
16725| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
16726| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
16727| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
16728| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
16729| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
16730| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
16731| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
16732| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
16733| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
16734| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
16735| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
16736| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
16737| [80300] Apache Wicket wicket:pageMapName Parameter XSS
16738| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
16739| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
16740| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
16741| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
16742| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
16743| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
16744| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
16745| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
16746| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
16747| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
16748| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
16749| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
16750| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
16751| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
16752| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
16753| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
16754| [78331] Apache Tomcat Request Object Recycling Information Disclosure
16755| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
16756| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
16757| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
16758| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
16759| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
16760| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
16761| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
16762| [77593] Apache Struts Conversion Error OGNL Expression Injection
16763| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
16764| [77444] Apache HTTP Server mod_proxy Module Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
16765| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
16766| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
16767| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
16768| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
16769| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
16770| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
16771| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
16772| [76079] Apache HTTP Server mod_proxy Module Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
16773| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
16774| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
16775| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
16776| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
16777| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
16778| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
16779| [74725] Apache Wicket Multi Window Support Unspecified XSS
16780| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
16781| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
16782| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
16783| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
16784| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
16785| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
16786| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
16787| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
16788| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
16789| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
16790| [73644] Apache XML Security Signature Key Parsing Overflow DoS
16791| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
16792| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
16793| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
16794| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
16795| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
16796| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
16797| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
16798| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
16799| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
16800| [73154] Apache Archiva Multiple Unspecified CSRF
16801| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
16802| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
16803| [72238] Apache Struts Action / Method Names <
16804| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
16805| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
16806| [71557] Apache Tomcat HTML Manager Multiple XSS
16807| [71075] Apache Archiva User Management Page XSS
16808| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
16809| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
16810| [70924] Apache Continuum Multiple Admin Function CSRF
16811| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
16812| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
16813| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
16814| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
16815| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk Function SVNParentPath Collection Remote DoS
16816| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
16817| [69520] Apache Archiva Administrator Credential Manipulation CSRF
16818| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
16819| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
16820| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
16821| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
16822| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
16823| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
16824| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
16825| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
16826| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
16827| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
16828| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
16829| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
16830| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
16831| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
16832| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
16833| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
16834| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
16835| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
16836| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
16837| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
16838| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
16839| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
16840| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
16841| [65054] Apache ActiveMQ Jetty Error Handler XSS
16842| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
16843| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
16844| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
16845| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
16846| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
16847| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
16848| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
16849| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
16850| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
16851| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
16852| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
16853| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
16854| [63895] Apache HTTP Server mod_headers Unspecified Issue
16855| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
16856| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
16857| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
16858| [63140] Apache Thrift Service Malformed Data Remote DoS
16859| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
16860| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
16861| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
16862| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
16863| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
16864| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
16865| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
16866| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
16867| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
16868| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
16869| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
16870| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
16871| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
16872| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
16873| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
16874| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
16875| [60678] Apache Roller Comment Email Notification Manipulation DoS
16876| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
16877| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
16878| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
16879| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
16880| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
16881| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
16882| [60232] PHP on Apache php.exe Direct Request Remote DoS
16883| [60176] Apache Tomcat Windows Installer Admin Default Password
16884| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
16885| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
16886| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
16887| [59944] Apache Hadoop jobhistory.jsp XSS
16888| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
16889| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
16890| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
16891| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
16892| [59019] Apache mod_python Cookie Salting Weakness
16893| [59018] Apache Harmony Error Message Handling Overflow
16894| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
16895| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
16896| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
16897| [59010] Apache Solr get-file.jsp XSS
16898| [59009] Apache Solr action.jsp XSS
16899| [59008] Apache Solr analysis.jsp XSS
16900| [59007] Apache Solr schema.jsp Multiple Parameter XSS
16901| [59006] Apache Beehive select / checkbox Tag XSS
16902| [59005] Apache Beehive jpfScopeID Global Parameter XSS
16903| [59004] Apache Beehive Error Message XSS
16904| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
16905| [59002] Apache Jetspeed default-page.psml URI XSS
16906| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
16907| [59000] Apache CXF Unsigned Message Policy Bypass
16908| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
16909| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
16910| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
16911| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
16912| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
16913| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
16914| [58993] Apache Hadoop browseBlock.jsp XSS
16915| [58991] Apache Hadoop browseDirectory.jsp XSS
16916| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
16917| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
16918| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
16919| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
16920| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
16921| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
16922| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
16923| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
16924| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
16925| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
16926| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
16927| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
16928| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
16929| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
16930| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
16931| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
16932| [58974] Apache Sling /apps Script User Session Management Access Weakness
16933| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
16934| [58931] Apache Geronimo Cookie Parameters Validation Weakness
16935| [58930] Apache Xalan-C++ XPath Handling Remote DoS
16936| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
16937| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
16938| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
16939| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
16940| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
16941| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
16942| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
16943| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
16944| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
16945| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
16946| [58805] Apache Derby Unauthenticated Database / Admin Access
16947| [58804] Apache Wicket Header Contribution Unspecified Issue
16948| [58803] Apache Wicket Session Fixation
16949| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
16950| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
16951| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
16952| [58799] Apache Tapestry Logging Cleartext Password Disclosure
16953| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
16954| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
16955| [58796] Apache Jetspeed Unsalted Password Storage Weakness
16956| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
16957| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
17401| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
17402| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
17403| [4231] Apache Cocoon Error Page Server Path Disclosure
17404| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
17405| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
17406| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
17407| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
17408| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
17409| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
17410| [3322] mod_php for Apache HTTP Server Process Hijack
17411| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
17412| [2885] Apache mod_python Malformed Query String DoS
17413| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
17414| [2733] Apache HTTP Server mod_rewrite Local Overflow
17415| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
17416| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
17417| [2149] Apache::Gallery Privilege Escalation
17418| [2107] Apache HTTP Server mod_ssl Host: Header XSS
17419| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
17420| [1833] Apache HTTP Server Multiple Slash GET Request DoS
17421| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
17422| [872] Apache Tomcat Multiple Default Accounts
17423| [862] Apache HTTP Server SSI Error Page XSS
17424| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
17425| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
17426| [845] Apache Tomcat MSDOS Device XSS
17427| [844] Apache Tomcat Java Servlet Error Page XSS
17428| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
17429| [838] Apache HTTP Server Chunked Encoding Remote Overflow
17430| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
17431| [775] Apache mod_python Module Importing Privilege Function Execution
17432| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
17433| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
17434| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
17435| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
17436| [637] Apache HTTP Server UserDir Directive Username Enumeration
17437| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
17438| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
17439| [562] Apache HTTP Server mod_info /server-info Information Disclosure
17440| [561] Apache Web Servers mod_status /server-status Information Disclosure
17441| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
17442| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
17443| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
17444| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
17445| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
17446| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
17447| [376] Apache Tomcat contextAdmin Arbitrary File Access
17448| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
17449| [222] Apache HTTP Server test-cgi Arbitrary File Access
17450| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
17451| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
17452|_
445/tcp closed microsoft-ds
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.004 days (since Sun Jan 19 14:19:05 2020)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=252 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 445/tcp)
HOP RTT ADDRESS
1 166.30 ms 10.251.204.1
2 166.30 ms sv3.isle.ne.jp (211.13.196.135)

NSE: Script Post-scanning.
Initiating NSE at 14:24
Completed NSE at 14:24, 0.00s elapsed
Initiating NSE at 14:24
Completed NSE at 14:24, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 14:24 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:24
Completed NSE at 14:24, 0.00s elapsed
Initiating NSE at 14:24
Completed NSE at 14:24, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 14:24
Completed Parallel DNS resolution of 1 host. at 14:24, 0.02s elapsed
Initiating UDP Scan at 14:24
Scanning sv3.isle.ne.jp (211.13.196.135) [15 ports]
Completed UDP Scan at 14:24, 2.90s elapsed (15 total ports)
Initiating Service scan at 14:24
Scanning 13 services on sv3.isle.ne.jp (211.13.196.135)
Service scan Timing: About 7.69% done; ETC: 14:45 (0:19:36 remaining)
Completed Service scan at 14:26, 102.59s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against sv3.isle.ne.jp (211.13.196.135)
Retrying OS detection (try #2) against sv3.isle.ne.jp (211.13.196.135)
Initiating Traceroute at 14:26
Completed Traceroute at 14:26, 7.17s elapsed
Initiating Parallel DNS resolution of 1 host. at 14:26
Completed Parallel DNS resolution of 1 host. at 14:26, 0.00s elapsed
NSE: Script scanning 211.13.196.135.
Initiating NSE at 14:26
Completed NSE at 14:26, 7.11s elapsed
Initiating NSE at 14:26
Completed NSE at 14:26, 1.01s elapsed
Nmap scan report for sv3.isle.ne.jp (211.13.196.135)
Host is up (0.092s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 49.03 ms 10.251.204.1
2 ... 3
4 70.76 ms 10.251.204.1
5 113.80 ms 10.251.204.1
6 113.79 ms 10.251.204.1
7 113.78 ms 10.251.204.1
8 113.78 ms 10.251.204.1
9 113.78 ms 10.251.204.1
10 113.80 ms 10.251.204.1
11 ... 16
17 29.81 ms 10.251.204.1
18 ...
19 30.12 ms 10.251.204.1
20 32.77 ms 10.251.204.1
21 ... 28
29 55.39 ms 10.251.204.1
30 74.62 ms 10.251.204.1

NSE: Script Post-scanning.
Initiating NSE at 14:26
Completed NSE at 14:26, 0.00s elapsed
Initiating NSE at 14:26
Completed NSE at 14:26, 0.00s elapsed
#####################################################################################################################################
Anonymous JTSEC #OpWhales Full Recon #23